From c0e65e77b335287daf4f11cff53e66e0c27b9dde Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Tue, 9 May 2023 14:07:05 +0300 Subject: [PATCH] NAS-121539 / 23.10 / Add ClamAV to `community` train (#1139) * add clamav * add initial clamav * update readmes * move to community * no need for hostnet * change image * remove redundant group * add email * bump common * add metadata --- library/ix-dev/community/clamav/Chart.lock | 6 + library/ix-dev/community/clamav/Chart.yaml | 26 +++ library/ix-dev/community/clamav/README.md | 5 + library/ix-dev/community/clamav/app-readme.md | 5 + .../community/clamav/charts/common-1.0.6.tgz | Bin 0 -> 54953 bytes .../community/clamav/ci/basic-values.yaml | 7 + .../community/clamav/ci/milterd-values.yaml | 10 + .../community/clamav/ci/no-clamd-values.yaml | 10 + .../clamav/ci/no-freshclamd-values.yaml | 10 + library/ix-dev/community/clamav/item.yaml | 4 + library/ix-dev/community/clamav/metadata.yaml | 18 ++ .../ix-dev/community/clamav/questions.yaml | 208 ++++++++++++++++++ .../community/clamav/templates/NOTES.txt | 1 + .../community/clamav/templates/_clamav.tpl | 99 +++++++++ .../community/clamav/templates/common.yaml | 6 + .../ix-dev/community/clamav/upgrade_info.json | 1 + .../ix-dev/community/clamav/upgrade_strategy | 31 +++ library/ix-dev/community/clamav/values.yaml | 31 +++ 18 files changed, 478 insertions(+) create mode 100644 library/ix-dev/community/clamav/Chart.lock create mode 100644 library/ix-dev/community/clamav/Chart.yaml create mode 100644 library/ix-dev/community/clamav/README.md create mode 100644 library/ix-dev/community/clamav/app-readme.md create mode 100644 library/ix-dev/community/clamav/charts/common-1.0.6.tgz create mode 100644 library/ix-dev/community/clamav/ci/basic-values.yaml create mode 100644 library/ix-dev/community/clamav/ci/milterd-values.yaml create mode 100644 library/ix-dev/community/clamav/ci/no-clamd-values.yaml create mode 100644 library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml create mode 100644 library/ix-dev/community/clamav/item.yaml create mode 100644 library/ix-dev/community/clamav/metadata.yaml create mode 100644 library/ix-dev/community/clamav/questions.yaml create mode 100644 library/ix-dev/community/clamav/templates/NOTES.txt create mode 100644 library/ix-dev/community/clamav/templates/_clamav.tpl create mode 100644 library/ix-dev/community/clamav/templates/common.yaml create mode 100644 library/ix-dev/community/clamav/upgrade_info.json create mode 100755 library/ix-dev/community/clamav/upgrade_strategy create mode 100644 library/ix-dev/community/clamav/values.yaml diff --git a/library/ix-dev/community/clamav/Chart.lock b/library/ix-dev/community/clamav/Chart.lock new file mode 100644 index 00000000000..38f0629cf7b --- /dev/null +++ b/library/ix-dev/community/clamav/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.6 +digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472 +generated: "2023-04-28T16:05:12.034666174+03:00" diff --git a/library/ix-dev/community/clamav/Chart.yaml b/library/ix-dev/community/clamav/Chart.yaml new file mode 100644 index 00000000000..55761cbc538 --- /dev/null +++ b/library/ix-dev/community/clamav/Chart.yaml @@ -0,0 +1,26 @@ +name: clamav +description: ClamAV is an open source (GPLv2) anti-virus toolkit. +annotations: + title: Clam AV +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '1.0.1' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ + email: dev@ixsystems.com +dependencies: + - name: common + repository: file://../../../common + version: 1.0.6 +home: https://www.clamav.net/ +icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png +sources: + - https://docs.clamav.net/ + - https://github.com/truenas/charts/tree/master/community/clamav + - https://www.clamav.net/ +keywords: + - anti-virus + - clamav diff --git a/library/ix-dev/community/clamav/README.md b/library/ix-dev/community/clamav/README.md new file mode 100644 index 00000000000..3c4d7460a45 --- /dev/null +++ b/library/ix-dev/community/clamav/README.md @@ -0,0 +1,5 @@ +# ClamAV + +[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. + +- App runs as `root` user diff --git a/library/ix-dev/community/clamav/app-readme.md b/library/ix-dev/community/clamav/app-readme.md new file mode 100644 index 00000000000..3c4d7460a45 --- /dev/null +++ b/library/ix-dev/community/clamav/app-readme.md @@ -0,0 +1,5 @@ +# ClamAV + +[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. + +- App runs as `root` user diff --git a/library/ix-dev/community/clamav/charts/common-1.0.6.tgz b/library/ix-dev/community/clamav/charts/common-1.0.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3f42ea345d3de02ff3b2ac29a313c00ba731c530 GIT binary patch literal 54953 zcmV))K#IQ~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvFcic9zFb>b(`V@FM$}{R*snyzV^u(T{$d1Q1UUa-<-g|xh z_&_AO8zVMBlW55rTi^Y6uo4@WUeu1A<~fPgBv7crQm85vs$w#kkZkvS3=7)7g_HCz z%YO!g!QlAtkpDXv4BUSQ2Zu+0**iSk-#%<=E2C^5-S!S((I%=7B! z-bRATxWGB(zt2D_tH!J<7?J|u|37#+9O4+m6r4i}Q!?6^K%7yCGgOqP8#^F_6Lbn_ zF+~|HHvpIx=_wdfnwO`$yEivCefg;$lgaLeC@m)N2EEPEscLoOS|PUAAM}qmzIG@7 zfgid4uVFexz*a$-$!Zf{v@zo z620LImo4%Q07_I`;}~5Ogp!z~r+~)BYf(uTh3d`3nG?VTxh;2&M4$HHt}= zl&4^CAiw6Qz$EeCQvp+dIFj#&5U0}uy%`s%9FsJuzLe8AMrCPy+2dad1QYznKxm(T zVJn4B^SRJDs=;Qz7MtTiL;uvwGCYAJ#PBOnPD)HkaeE4)h;3|eB>&2%X?j6Y9N(UT zr^6S7UKFTA8Qs{pgyr~Y2m&(B`}b_$}wfHwy~G0o1(7bJT{2o?Ko z_4;jzimEDq^`s!v+<1pz@-j*W0*oA9}Hny ziZZ$SoS1J*6vt$eUle4BQ=}%G*yCSKGd77NBjKN7n8Qn)Vv3PoEHFt8zD6&FL_5j$K?dlcq|Z|=6Q-HD5EgtHA>xRd0WOb z6~Ai+us|i57O_A&#S^SpQJhat!Qo&qnDCzyG~qMnKc8Semp)EWX%*db3LXufvyv}< zfBNX@*@yG9i`Sy?4jYp?Y;uyk%(WzlGI*Jy*Mjpt!`W3?4bYgB^aY|fq`0bH7Krl) z)mdlh4ZLM@JjqJ+PO|P_aZyt7<(y$lpA;1noN;(h3K*jc zo2ebx+g(N|DtTA(zZfB71QWK7zHkEm3jT@Gm`o6$1iUGx=*8J<@cR7h*<=3s%@}4^ z;Fe5fr7UoaK3cgF%m{B_)$n5Pkj(DEV(VNx^3S zcP`q2yE{g}v{fO!sLn1M?KhGd#008%Zcv!3YV zPl6e6Nxd(@|1uqMK3K@%d^!}gVg>+QPDcP|8vZuOQv^!{7y|$>1Gp@w$ZY6exPW#; zaxmDg{%?{YFfCC6&^0PddQmo}xy_Uk%UqLyB1>!vEuRtw9#Td0n^O(N|m$x7hJn-+bJhen1`I1la z3rNSOU{`=wrC~8b^fgLROwZC(^X<#^JFhL}iCvwxwOq67>JG7%gDOmLE<=mr*O776zwb5}+bx&U&^an79^x3%B?0`Mq*H~Qxn{W_ zc`;4X*C;L!Ei37=dg)b)InfiC^V0fPfOoL!N`&K(!rVn}N+x%aue=(?C5(kkaS3A| zUJO&@jgo*H{N&Nbiy7Tt)iqv*+kJBJwkrMP;;n+sm(K><4`9k`er;X&&-h6D4@Hwa zWvglz=J|)=G>f^6vHKxs5>QzRfg_*KIMibQIojJhw(URrgX4pfwf$!m&*#s(KY~|? zPK&JMVpfJ}r9}cdh7=6(CsYDsCV(Gz@9s8u)pMApLTFP{=yc=rXMnRfohArG_*4IS zuP<-)Can?%H&K;BGSouwk@#zE5 z=YM=r0s^Co<7XAtozAvPUdw)CRIh7qLK0Dv|6x>sTp6>EwoJ?SrXbUGSMy0Y8?ZonrFUmwq z3XovNZo%#(qq_+%cyD1;?*90HK|*u`cnIEs{~y>%K(v|QA_DLKFQ8+T=>hIZAkA!-jZ1Eee!TU`{5Ifp-Ft_oo%O zl0pi0Vi5f>1wV`;iK>DpXD|9F*_Y&V;O-9aeedZI@b|a`{L8lZ2jq}9&-#h)8&;QW zZmC9pn9BBgU=PuA!b@19g|tVBpH>|+IALmH^*$0NwHNmLowz^= z`zr9cfOH&zXjgsyAYMlx(!yQ@lSqba1vGR+v^YAs~gdZ`$IP zEMw~KY*I4GfR53GYo!P!DCrwODpEPP9{8Q9DB_T@Jk?SL|JcP2pl6|>QD;h>&s;4& zRN9yoOxaeQ45ACwqdP#DpT$hUB~WD|(64HnYVf8pIT#|wPXir)F?bNF!K=Vj?+jQ{ zST+FQPy7H=YC*id^U5e(&9d4)sHPkfL5(i3S1XgGvNlcd5z13?J3$#0J^`CohK{+sCVE{6KYv_X)*z7f8L?!Dk1QWAD{Y?7fPn8O15cM;~y>2Im&+yak(| zFJ8WW^W@dz*B{=#e*EeV?2JK5VwjFeNtt>L$`qj-?EhabcSp_uRW`@~qqN5FU+bbPA%qDDXK! zDWYg6=e}3bDc~=;FC~+L+?~$x-g<$qQBku6`eZk)%x`QLoO#QztGDxFw|p~`TV#vg zH>}d)QJeAp6MRoQZh+Z3jMibYm3dh_UAe9C?jJ8-zq#|7uHB)+URNMUnHnWk3o!^`cJ0E>Wrjs1(>?D`02OgLhy?S;Bc6PX%8tWHBxW2pFwZVVb+)5xt;6Hx& z@0}keJ3k~Je)z}E56^dgc-`xlA5-wt9X?A$=l(7;}?;bMPljgk^@iGY|KORyyT6EaG|)&!1Ii%DSy zqkv1IZx!GrmTejkCh<;+tLThblvmkBvuLn8td-7cY*!_Y%}DqqY5i6_40F)nEgDO=8|{l~0|%o;i9~EeN6K^iu>j zK}0V9g<|>$QW$~F>WA1xWx-SMW{d#)!S^?&lFD6=-zM&FRP`7O6&#yY$&3xMn!v^_ zMpj7t9V}+uZ)9bS7r_clTofhQUx6Ymd#~4HrpuM=4Zi)Vzm0vi>I7cG_<47?v9q&d z-`C#TxWa7v5kvhP<{J}4VPbV5+w>|h{Y>wCygk`(Y)_v|OZprYBLue03bI5cC9vV| zfvxatN%3W0;n0U^`i$3(D!RXLfA0T=lhktR;-^wwU=}D#P!X7gs(~m~O^QF5+)4{P z=?SXkq|w52-wySoiFAK5FK zr(jFnVlsLz;q1boSAp9H+KL3;FqXy0<3^*ByZbZQ2_^}EAVW7GWvfvi>HKM>n%e!p zAlbjj^i|00)5+5N@5S;^kdi;CZ3{}sv+zxGE7 z5S)zHl>~O(j};9|*^LbgdM)==*9=wD{1}?EPTi4Bo#*cMmypKe-D=Ml)US8^^^X6C z+wn_z0x{eAc%7rT3E|qs;zkbm@?526aX1F`x@QSXXo)T5Bw0~Q zr8M2C=Gw;ijj%`OB#G23VW%}mq#Tn%niB(y#U9|5F&p)mOvgmTTsM3Bu3v@ChwS%V zIg*;F4Vjg6GOf+i)a*9EKA7gPsfo|lz2Xn4D>6~eVb_>C)s)goD*PN;Mc zfie&F_RJE}n{ivAF5?I-$I{2p(r0~Lc2#=pYINAu=&yfh-F4-9tE;oR%lbcogPp6Y zel0b1AY|0XMO8)zO`ES9jJ9nJ>y&JLu-9#tq(0SCD;1U zS|0*`3VrC$_SETrnMm(&Mk$QP6O_?MOm@a>?#!$gw%-3ZaO3~(?;jkm^}kg-T-TGi zJU}(tpc?LFXod~5>FeGSX{5aQ=16PRF1JZqfrz^yqQ3ZBRmEy|?55y04#9n0JGuJL zvL9!-A7}Bfk4dGbzNp7$5%qO(0o#$JzFqBfNrK%<`eOxpr&>qORFX^T3n)KM2}OTC z5u?epAYDU#6npDx^T%1M$%)GxbKr_Eh-{C(}> z91%FBV^ZLM^B(H6josYOKYs>XXD@C+B(uD|A}NYMB>u5@Zq=KtwHdd2nO&d(pa4_m zJdF*HJ16Mxzd}5vSpS9k?Cln7gZSDYz9PXy@P<~4IA43b>~gFq`^#P6zu+vv*+{N) z{cFA4*UNpq+^ywKQY7OH!5qr~b+zkm1AvA1)t2R@Wshzw$WA}EL|)Xbb&2c}+x>H? zd9_cS{wH%3E=2=u(frqKJ!*G_@kzo9TVL7M#qgGqjSB_zD%mjQ6in*|O~>z4q#%*Az82 z^4iEs0`-k5xtIZXcDZ*gl&*!+`xQ#-*x(!#Jhd1$xeV6eB+iz^t8Uv036U%9V zv(Y1~C+CfXHAgHg8@08J{M|qG@;}%2RuTW}I1vAH?|AM1v64s1|9r5QqX2MFtGfpv z8|3o#w#Zj~gVVI;LV%)FK?)u$J>_UVXec1H1n=ZoLWrAzv@_|sj^q8oN>%6ZAYjAiejg@-(M-ImJF!+}O) zxn855tgK%6p5*50wzBW|RJBrRP7w|emy%if69d5V2BoRFh8d|QI=1fJ(ER~r?*r>u zHaD#`DpFEtSPbt5C7n;&Z%P|)^jE*fdl-7#oAWNl+IsLETMyhTT{X&c4O6WrP3avB zxH{2dwU=}5)6pFHf+UD@+If)9bmgVvY)#&_NurSAyUzm1$O*#1be$S*43*~YyN3&7 zTH0xhmvXqaaEQ-tpsCOB)U5(k(R4bN-klV%8Y?+xeATt-{R~7mL(o#Vs-K(yX@A;V~q7l(Yzamd3NVyeeav| zaArO7UiXI!lCDNXdHn7h*EMBfq_u8t%Iyg9Ac?6_0tF5 z*|YlOxKN6-R`;Y>9YYWGDLpP#`sRMW@0|v!hOJ{UeQG5jQSQFPcz<=0tl{{OC@l10 zFeyxc669Hy@R`d`JtY|iJj=XY12lLf;-u%W`^h_#^L8W4HO($3`XM6~{nd#axSUc& zPF~;%EN+9;SjUsH+>#KkIazeZS;DnXCGA4B}3N|IG89ClB>)FtKXaGDuIPO2Dc>VPpTItR*v zCC-YoJI`BZen`};u=oNf;hrsD;WVOA{xf`N7LfqkZLx0A9g(M=W-K4-ju{L^L|A;&wz#%mpC`_hlG z`Bc7jlW9pGA(Wq!{8m~49Jx=$^8@{!x1CF_?YhB*ECN52V5gd3Oi&RffRY1|LQJIl zpxcwV_@C3?7>kWJ(Nm<%+jEy{>T_g+YRGp`R z>XuqPVLo9=TPWD5ur_f9n7qUnL0%w6i@1a{A0I@GZlFr%G06builn ziI`QEtCI({tcMEv^bt2hQ1Y4^4lDrY&8B~7Lr zZYtNe;3hDS8cO$iO->qNTz|GfJe0?v5WJhf{QWjRXc`eJ{Vg~qFNa-lu*h9&V_*3R z^M58%?|$HM6_*eJpiTcfIPl_s9UQOqzm+_Ky$e^45)7wVEL@U@qyQt7p#oB-lklkk z6sI*@MyTU!f6k^3=%8J3txe3Zj2n*(_Sff7c;HU(1*GH#72LCUn#JJwKsp(}o(_lj z6Nq*qpOyGH4yS3lD4q(2?W)hAo;F?C_G#@q%sy5FAfQ>HOKqz?|NbCY!gCieD^#}c zogd1`sV@rEt1a1r10iJ!RGRasbGN%2w%hT2jlI1~bI^k@uAVa0$kMMWPxrQ9kj=LGoM&fognONEicw_pk;q@-*Bbgi=QU|YM( zN`bCGY`^E-EY>f>^IBXP0k9PAPM5cpg+<(km~rU%-`1$P^Uzr7@^5)>1$+So%2OC4 z5dB94q7Tt*Gw*9N)^Fr#-2Vw(#s0rHIP~`a!@=Qt|6j$^WhoPFCv1(@D{71pTq(*MMGFU$I;;4NbN zYrLjiwb1c~wpAeU^U&M98w-e4Ea^MN1L-L<@Mv{ z2kxWvd2kS(QYKG9-;5ZclV2JRdNM$khLZAFaDC6WPtpMk?vr3Q!r#`nGplo;{cF8R zEa7S6|Li-=7P|h?F8>c)`_IYI(K`Rs=<1-E)=LhG z#a9F0!)&&Jm4|@r_^$3PsMPNxYtH=*JZ=0RW!DRz0JQM`E47EYSJ7-DPOyrx)Dw)piVb)bV)0?a z(zO?Ao!{NzsmCJg)9#PpWtQIZ&4ioM@=xZlw2D>UTMy5j;-{d0&>ny^0uiXnF&L|`jL8Q9vq24BDx zx-EM>u-B7*g(@3V^%Z;pLtK=!Cs676ebx~ANm~n1cKuL#LVyAd*&-doYXtZWydn3b z@H`9uMQ{e9Z4k+p%{LZ)B`N4xnvY@6i}N3dQ?ZFYE{qWKE?~6bA@hOu+cBg6k&al4@|F1x09vMl#;YX9|jga@Qp1pe+8>0CfG|ImO4nb zISn6ls@L4lCcI#Kn4*aYdr~DuQ+_mR;!0Pqp4*0VizReXTr^MA~R1KoJqFB!~lJpIsreFGU^-`8T8Hbtr$*F%3ZP~C5{tV%P>evhh&-s!XcSu zJUJloPJg`qKp)vAT)U2(<^w@{eB3+Jq=rMlUix@2dep6(nz7MzFKLkEGT(B1(i(!~ zhP^?nFg-yuJXTZ*RMN3>Mzg5Bn^#*%wdpHZ>cy$M@9>el?yK+Oj|)i00o?WZV=G7Y z!99$;UC-(YT~JC)A&hGJhcP>&d=>G!DriQ*cEB6O7dA_O%hrt!`ahFJ@6-N!cyxH+ z*?-sZA6N5u`ac`(r5OPjuCXW0jJC)r+D>#Drb%%P~!!X#b~ z441ADerAR&j%3A*=D|?Zo(VmbaJ!TK8}g@{UrSLMh!I%4Vh}1UL=~03l`3D`YA^+d zmB6oI54J<5G36*oab+;>Y^pFh#&T7#x}h+14}N&bC$+M$x%qEi1QoOI&^M)n{QnG> zizNVS^Zz(JIrilLlcTl#zlz6`|DP?*_d`yd??wI>wA{~OAj(2VfqW=-{G&Ej+!gv} zGSu)DEv38wFB6AykE??=fJ=EaXGd)R3a67|6y%1Z`oTM>)E#88@akyJIo4yv`Nv+9 z7tOcE+B-dM{C|i)q2%#mP9QD(|77pLv;Umzt@-~-9*h6~$_9IRULb1jd>1=FMa)vS zfZZR#*)_ol$Z!gBf-{N=Hbi?{2o97^d+w<*^87k7R1)PTSs5|h@|Ck9$ zoF)0@e@rNEpP#+{trn2@S`W*kTla{lX%cerR>Uq1HpD;9(+;n=V=_Q(yAF77)ivGg zfi3irjWum31O^W45$aivHUPT~!^FNFSL~Kf#JfK@;KG3p0|9eglA6`FxQwK&E7CWuPYQq`j z)43Fgg3C9*a1$~url{8g5&PHHe!5X6IoYFEPk(>>iZQgaU!FdD`sV55*Md~VwHnyF z7o%yGhJSzh`spvv9)EcB`1hyhs?msv5K(9k0XhPIG0ifj?Z8rqRBTc48I46Mf~^4{ z1sL(bKt*qxzbg=*h5%*Pu290)Bq@wVR&m>YG0o1(w1_2X9`7KgGh1jZN?h$r)bc=GDy+lvp2g9$>YnPh~}UthB+RUnvf zzuuRxKthlRk0s|G&wv5S<4P7UnK&TRXFv*ur2@ePDtqRU!k$R7p;xSFoTBo!q-f&L zwHG8~Mds*$*T)}TJwAK%;pK~G|NY_B%a@X=MSH;&7q;vOpgUjFdQ!>%hWW&I^5$>r z3@5@=@@FxQ{0W{m`wyPL5mGT+=QIMf*nbZ8_r3TpC;MyvpOrjbpiDmCMj(&nn1ZZn z^j+A49Ez6h7sSE86wdzITvO?_G79wR0}%0&CIVg-Fbh?C|I?5jxR*Jb%q%sjB`RoE z8=8~{p|l5Ht)Ph9#n_-U%O6Vnh+YMtZnYd~O#21ONr@>jGBC~VQB&b#zg zg9?SC*>KqME+?Bv&2B(*aFGjB0C!D5)!fkWgRI79>A`%OrWYi|@ok;4R8Q2XDjR|5 z>F@=i7X>O&MjHYwZRV^3My9FGt{R=CH}JM(x*WPjMdawiw%sj+w{BvgUatT?Y&XIg zBVd^0Dm+4XHrX{Q*?j%zYYc`C$9XrH#k|#f2(*b`A-k_ za)dq&?z<593~H7w?2QSzGPjMqK(8suBM{}Jq^~I~sI^&aid=_P1@sBU5s1c==JKD? zs^E!))kvEgiL_ZTbhgDmRjS#(bNu6NSgg1tWxmV78mEWgX9lLj?qu#svSt2nhx@-u zKB%bdvtA8j-YQ_3xHB*hqs|!EJ!qmLhI#SME2YR%UHG+*1n^sP5#SCK^F}G+9LlQ?GFxJ|F46+b^N!LJeK^&2YZRp-#EPQ zLim%E+>iIK%*8DeipyV>w29Z;upMq+iDfV|)DJ3hTb2Lmfr zx!x`WJQ1J=mptXXpEo=V&q-vrV_&`6{gLOo$w?y4r6oyLHgZF@XasEvysUq8{&WA9 ziq(HLx6uM39CCv@80qdyKhZrGxFl&R!+VG_2l0!>WbpH#U4N0i!odV>OA0y%zUau-m-c?eXMsf9Ktlcgz?oQ@m=qo3a4N=H=`@H!l&D^DGK(bF8e?d z8tyK~?Lu)=;ZtGtyeMD~1}~*rk`Su?nC3Yu+<+#+2xN5Nn3S{vrhai?eNa2Z4a45F zw>TBnO5`8oY1RJ(Q~rICG(au--~PdYbN_RH@Az=-|FM$C%>Rmt68r*794{{okW!!A zSu~FmJ?9lODQ$kMoi(%;El;~VW|(4_;(x2_9+q?W7?w(QcXTrK`LPsFUD1~Ve?kDc zw)9q%*_VT)B%TQ=yb@L%hjJ#$=P2$Q?v{qQFQgqy(os^gry81miLPMn(qxEdrrziY z#sL}8^f6Y>CRLqC)`)swYttLF{u{-v3weSoYrwKG@6J@)@k}!}u#nS@y9%hx>wOM6Xoi6knqZm1P7Xwnbt2H%}%$ z&22XT4&aUB3t(y0O4S|}c^t`;*Ivj?&a%VsS_P`axwN8*x|N%v4Iu&f2KL2I?`p9=eJ`L`!_RUKJ>zg9yryJHUW1O_u5@|*2d zKU(6~ZDLbswG42dgQ2iF;5u;;8`5G;$yx(-Ro9V%s&x@MKJjcqRcQx~G?;L#g1#X} zLpA=>4Th5NOyIzbg*}(|hnx!x)a(;NHe3B@aQdhw@7*2WJRJ9r5OG0YiPbtwi2kYk zBqW2M!4rhr>NQEenQvAKXq>+$@zvL)L2MC=5FsFZE&NyPRkQ&90bbBmpn8KRh)jcr z>WygXg&J9$z6RHpZO~D-Tmcd&B$p^iHqiZz%99mE%MvSHsgjqeewmUdRU=fB#i4GK zRMlK*AsqRo%ux(qN2>q@DLIh^pzL^p{EENrUcUC!-$bcBQFv~##7=cum(xq4646)IeS>ae~$PCc-<2s7YoGR{TR>hv!P6hiTD{f7Dr?mAAtS|ZeF`qX3Uln}i zzV83*?H?Q*diQ^h*7@I8@>t^AD>c~5k=*p$`7We3gPLU<0yXHyczX?!mR&}R7S-#p z6jgn10v6i6XA0YN9XR%_IB+_01}FF!ricxDKtrl(G8#iVK<#vvOUdXd?jECT7?g>^u%f)PYL^29w9NaPyiY|qj$50#)2IVk}XNaHbp zAcvHqVo4r|^GKsJ?BKeVEUD=c%XZEk`a0~nXsHVUah>(l#oJTB&(=6`LOf*qh_GDb&*1xfu|WoBfhfHs1Npf+hFV0lt3z94Ejgx)pML; zCj5(+M}xtn=Ob<-za=s&qeKYvk9RM2-|RlweZKpfYU>Gu?3BX07kKv#-hG01pX1%% zur7;PVH;(ffy-OAgk+h){vj*$_)|_YCP&NH2Z!jmXM29=Y2-SPh^~<|^a6re3@I9s z!pwcHlr2$SOsRh&?(+!Kk^q<_AQB2p1cVdj5ZoYe0~r@&a;@-0q+>Mkq@v0h#86lj z5_6ch4X$0SwI9ldQ3z^q_mmw$wTpq(l{>B$W3xDeTrD@$+HUM_YoCE(jm z;SM-`n)8bB(&xOQ!ih0giHISiSnc=1sph&Ia=7!v&C$trwjoJVa>JS(l41gB8IBLe zkAFlE43V-@@n4C(gL6Q>YPwkDznS4|`fJ-(zlEpG{_lqApXU^y#s0r{=*55CJ2+bB z|5?dnnb9g{@mdZ$Q28^KB7{4W>AN@<@Mv1<;edU`NN16VMk%?3X#_~lU6(A${124% zgpHXIdtIoib%EJc;kP9!!X?=kU5w`r2$vH{Gg!f3Y^%DW(|lqm;_l6jyVqD$-|)0fzyT{`TeS;n%j>Ymgh%zOB&T@+!x*tHO2FH{H>%+zQ_@(2iEg zxdGdyOchh0uYDe`9SwL+&I}oYL*i9+D@2zNHkh7 zZVsG3qW~E?f^U}`J0Hupbddt+%o0E{IpZ~^?>n7S)zV>#cXQ8d6G-=Y9b{fGVcP_g z7+r>inf4OkS2hXlY`;u#j3NPV87#^YkPUvt=m}dEtF#Xcg>F`PPJP%0?}oT#e}X@4_FsyM3C`w?{3M>X_)mL#N3Q?(;mJDw?@As!|5r8G z%P}1o0KW@kfkn@f%>$ce?OnILR@w(LvqE&H?GWR;4^y1Fl3pFRk~_KMp1mYDV%f#_Fxd+`lh!>~T?$ zB67D^{{nt(mZe#Q9+P8Qw9YEaS2>n)E3Hznf4dEuoHL5jn$ZgFoF=&S*7^NBZTtT< zNv9L^oJ_O%(*U%^e>y(!_W$GKb^OPbJl6hi4E7SU02ole3n9RwXW2r)HA%%{3tfzG zudwH+C~-+q7Nek}UhSoGb$_6$ui_Y0Z>qZ&p$Gwn^+4}GHAe_4IJ55yWl?NpIt^}V zx@45eNESB!U22NV*XGswhQbr}kCb%$uIcN~Mg;1}6ElL4%jso3T={W!sOlgf3|41k zui$cpyAxxP=DnnNXL-MbK^_I zc`f56Y_}|P6yqU|>jDxR6JPUz@PW4etd0RJl!KJj&EJ{1Qr*zB44B2k*p#bo)2Y-s zutWH0o4w6_t8QWHeadGx>q|+^6q1Z)D=@6zKIM#5SIp`p-SBiD>XRYZge^NQB8?49 zNi#Em3J4n^1PwVOU?nmcSAepn)2v#irK>y4O2cPdtHlbY_7NT-8x8R%5bZ`G6q`@n zoK2*{j9)0Eu%LqBK*m{aV3B|_h2RmE@1?mTjYJm;x?tEnXGD4y-_QvDVe~qI)K9qt!q}$EoAGw7Rmt+mK`@(zTQVd7Kd=H3nfBuT$>s#!9Jha)4&Lg`cLuKxMK%Y?D)gIV#{1>~Or4<$o{ zWf($7x}5C-DN{awmS7(8K!=R5_uP}p7>pg)?Vpw6@tQ={%1ge>ERmI#6FBH_eI_-_ zGcW%i75Vb`|IvZV|Bnaj{2wcMEdI|1^9m&x3;4_D~cr1%N@;)hJUxnQ5*Jqnl-y4cE`C z=N@(*F5h9)%yeXqN(=pWcN=p0pVomMlhQ~w&39@Cqzf^$rvs2{+hAT9@i>z5+PXm4 z%7Yz7h|>HY2qvf~C0^AF@20oRvZ`+bI`%w$)}Ueo`JSV#3r|E2)T1adu|f%2odbYr zO06uY?BTFd(=nuVl~BE(g-oIFG<;x@aY1 zo(#OCkm9&G;7Jf+0dRpSSD`)IT}at(5Ub`{$1_MczTUj5=!B;i=LS#60)&flugH`# z47M^<(>HFfb{|%ANW)k?Rzv&n`#5tL!Lp!AMx(FQ#g7f zNYM=pIW^CSngldES~L4SuZ8qgK0)~(Pv8h$Ow;r=iVH+{Kg0!s6p1~5_B+5W^8fy! z=l{2NFxX$q|EqX}T+bQo1m;T;`k%lhq-41a2-KZ;o5>M>f+W# z3235cRwGWGA;`$9f=gQ5il(efu_^@R*_4jio_BeCh_aX@NZg8{Y+Ga`-i%3#Kq&y& z<;>`va4OE=D!=g4A4+xA!q_5N@Aao8+b1T-7@2Uv9G2w`DH5aL7l}cTPUqThaFb4| zK6GpAI4KH26_g}^aHMckWqe$nyHEBLp$WvPs?2|w&{=;*qFb8`W7UNhXQ(*P#@Ps@_zLlbE6=hdb+VyT{Q`hUw_&{o zM!%kdXjA{#HjC(PWkvK4tBB}1_FepCedHZ?3Zg9y|5StNflFATlSD;iSE`zFI5{scBK5jHb8J zsLHqs&q0_ZfT37y^Tmyj)`gnyDCssu76hwV?*8@7i;C^*{~6zM=MMhbLH-+@4D9v4 zcXE8NzW=k5hc6p3#H(5QqOG}By{gLAJe>thT+jRUad&rz;!vcxyE~NPUMTLqNRi_1 z?k>e0N}*7!6fN%VZoBv0@9&?y$;~F4O*XqXGjpHk%;%h0At_G{7TVa)puX6j-HQ2H zFQbaVJhJJ2%|jxB*gaa_UjjxeN6DxHl>7OE=q(B!8!Ixa#&G0ps8iR!=<4dt__5jf zL3(^wjlJM_1*ONQ_v_cMzCbCizhI$Oz7IVKFKcyH^`A68R zhc4iIY7<)|i~pIW%jX(3DI!<`-0z*Z5p8?>cg`pgN2wMH>)*vur5#&+VcsJPXn&sn z{xjBiIj(_Jaq@P_A%WnqTX7vZJ3G0R)HLObE}{zWk5VuCW+9ptOXd#7!>u;M#(%f^ z8l*mvI~p5z>>LKTwN7qTd~7J8>SK&$(gtgY-@(+-eKQRle*f1SqBOr47Cli!pr*!U zTSKIgN+KZe;pKWdw&gI<2T4pKEB|b24jFEe*Li*An<}3u#`Lo4uWLdVt_a5c>@U8S z3=h)CzF4jFqxYn>R&k}&mU?qhDj}Gi*328F+J>*oqs>m!(!qknG5Iw*mDddX6sj}X zM*SkOLIH58+JRN)b>`ebGiDL>$z8oUt+AOB>u>)anmnY*-y;bqmN_>btq~~z)#}3QZHI(hak zyHd@H6)i3tcJxh$+B&U39z(iWl=pEGh%Gars_spKbu+F%8ZVXBRiz^4*F>t4jdVBd zh@SG6YA^-o4dqkU{=)Ua2Zcz3U%9N1C@sZ8CUOZv>{_ftKa(Mz+S=TpY`g_lx)QU0 zgW?9W-vb+EDOJAb&J;V&p==z7|1?yxAez8QKY0_|OY1!NYqo8_4aAzfrD{MCCSmto z5cYov6BLZ&ktip*WHbThR9jyA1|+k78FIpnp1@fxv4!YITe}|A`Q*Tz`2|wPp0E`*g&k*Fzf3Tf?DjffDYb z`iyb|{pUT@TWNR&yXvM&g0WT)rNHt=<|4mQno8pO zPRrfZi~7J08+s`LxkOazmW4RIbI_+O-v97a;T%u6Q~l~>Hi)5vq4VZ~5Q&(L!l*=% zsSvWa(9n?Gn5#H{oiL?z!$XWbp!QW5HHeKpsPZNOhn#}S%(S#*@Y`fXe(Ii!jlfEt z>W)y%A(Ml=CMM?$;c}x_gVqdCJGK~W2pByB*XA=~P)E`~vsDnZ^nL@@)P*D@S`usT zW;U7a1eia5AV0*FHZ_IBdR&L8`YspOb0**Usd;5u7kFk@By}rkz1J#cvy&gG5~Ze7 zC;J>;sc)|;*!R|hU#j|OF(4_#@}6;|{yODHGVGS+|F&A2Ckg6f_g})9)sE|f& z&~sT`bF{mTV*+{khO!Ov1~3i&*fHh5_*~~ziOtq!CbzjTsodw^+Q|_RmC74A3$T-> z`DyaKa|4C_PKocBMzszMG!5cSb(?`(%wrMXatPxOznHHU-u}HKRx7o>iZP}nmC21L zm=z#%lT$W_y7O|jQ$;ptJJP8WMYM;<@wXI-?$zU7KUA5AV<#f%sG1#&r(2nTS4TK9 z2RFCs(R^Dt{l`mvfw4TT!POcL7aLL?$QW4$!^kMwLiD=<&<{(2VK13B=CMZ{F<{;v zNwH5*zS?c*LN*wpQ8Qxx-9WA8L4XKvtResgys%t|c;KOqgV%Qo8{k54Y8#Yh zQy2jVWcrdyqsl)_DBVJzwmC_Rxv<@+VWM!umyq`->>?4=Z!#TM(q()L0}ls zvs`295>N~)J7Jr5N9i1nGdoh>kDyK;S_Kz5W^gahpfz>&2jPAnbMqZ?IA>e_me9}` zBjvU+G-;t*7OOh^T7Hj!ub$J^pMh{Sd1773t9>Y=n*P!yRu9S(rs>+tXH_ZCMcRwn zuya1&-=~JD-d=@<8cgQvc#z8t*M3|=i4F+Inr@^-=zRf8WWV+ozP6qL3Q_Qfkj)J! zAqd%ZpqhXHMkI&_9Y7fTy3pAk4JlMp}sU4-er6>2Q(Hgi9T zs74#k%gy^$=#J|X*Wq$d{D;|T9HHZ_G9MU?e&A(d45GEXfH8(+u^W$;n8SnhPzK}A zT}#L!)~cbF8Rl5tZhm%hp4EvpDuXc+r7X<6HTVFfJC3X(Ok`tOV*JG_Gel>WylMu1 z$WSiaDeCOVnvxoI;h&d(!shd5NC>9G>7yZanEqZRZ`8Jw_eo1()*v-tls!g|?fdqp zrCumnB=PTS%G3CmUmA=&ULsmxgtJPpL6IbNWoMHP`uKd<_x7VGWh{s>ab2OxMOCM~ z9BF8kY*X~FXfO*=Flm=?C}EXZgN%SU$jTrm8+ZQX0?-sEP#rw`tOSV2PrUY%cMLqs zr#R6qNa{JCoP4bQ#GI1TKg;-%e})M*@=8PCtP=Es+eF;*3lb{%4^BLK9F%&bLcrI) zdg~$e^|{(OQ!H(cGL1x@)vQ8)MlZdvr=g_hYAL;lxvv*N$wy-NBhXEqD}3PFpCHsO zEZ@fG(O4BzdxFQm;EVWN+U~U2E&k_F@Z)nw$ec@WF@!&rtVZMQ&^`p^60Jx>{ZOv6 zJ;*?#5AseH{dnd9!_L5?HoX2(B4PdQGQ1R8;XXpK1IQuvbII>Q?CabGM42*nBYq5w z!QUo9K@=3@!XehBl`chZ4sQX6Wo7tfNc+VVSJWQAst*CxdSR9K?6W1_gYD2_;yRQX zu$qECeLubxvNTI3JeTBcW{GdIPjr0#_~L~1Z^kqZvcLL-A)NOG^Jc$qWrxV##0bqC zCPdjiaor=!+ll%RJE8$r5h?fsci?j3kK?CaeZz8g9IF04H~mzFmyG7WBIbjAw%R`N6%J9qt>(J)>u~yJX#>!(D`*vl)yspX~V-)%x~o_%jLr4diGX zmMQ)8YXU7&!-gg=@ywm=z8Em=6V2Y@f!5s4Fg!n z-3Lc0qNR{$JX1QK1>o)If?5K?6n=g0KoTX@+saMxvHjs>mVs?^>FMfaTv}mYBdz8v zWO}aFflj`D8UR;cV8^cW8R-&Xo(Z>ngrKW`m8t3Fu6TRe(;aSwx|XUr?_MuKjY63b ztq&olFkUn#J<%w}iXh^;{WeseOv^)gR=tSm;%icB1g`^W@y1y4k7L&DZ919ungCcK zr4!+XXR@J`F|-vg@^F*dyuuHTB9U@i8vwQ0r2R6$t2&eEj@)DeNQisy0+*NP=Z(7q z^?S366^y2E7*lyJK1sj&hxpw-<1@uXxveqvjXe?{=Cq=32j8+l#ZBhsnB~ z7Hl!~O>tb>g~~02G<>k{i%2oC@_gcLm`|UJ;%hTAET4jpP{|Q+0)aE_P zzjRdm$NpOpQh1Nx?I72^xN?&c|!-w}ToMzFc3mRHN=`SZwzKtm{)x^_!=n>aE2!)Uu?}(5z!5R>HF}lLVxj-5iayOFm~3G2sBk53gR2nemL^F+WHZ8< z3*#BjGmXYLd>m387yT2bU!IheEs+kD0WWYS_eQM=8WGmZZmt?#HrI+O zOjJt0G!J(2XmC`2^1k7GzrI<1jd&cyX5A}v?8W#~05oGcdRZ=lI=SJzS_&Dmu3%;7LH!sK%Xz;|_yG8JMW2g{JNA$T9s~jIQpQbn*9@33 zE28j1>Z?zV^p>qHazax#aAvy%@tQZGgfD}HvH>~s@$*ikItA3T^A3}=c!DV5)zc?c?@Or`Q@UV6dg^|3v0Lxd!B$n(kVZ=SPAd!BlxPxC@ zY44h>5k(M$mzapexCI?$N%J#a*iS7IHO?(&o$Xd+5vnhvz7vfYtZQ%`_8m`nK(^n< zg1>(Og+5i#9z027Z8sknZ~CDZ6NRQ7ET2_L0TtK7@@2E(Z(>PwZo5fh9lcJx_MMq#G~?@hh+ zzTmJA1=_p{ii|*0TK&7?7U^Qf>t30L9V8SX}T6!2FF~wX^bW4!2 zkM4)<*#F@Z)Q1xq0DJ*84Ro|a(!@5$BRte!nr878C$B5PfEG7uy zC|J+d^)0Rz5JJl>e?5l&7ZU@){VF(SE)z6ek?2veTlmdr;l;aNTs4JwNpR>YJ#^so zh2i|%iO9S38p2$tA31h-g%;}mi6(@l6isq=0vx>Q+24dQaiTiZXW>kw8~U+h=zza4 z|GVBqfUegsuZS6;aplRyWH6(v##ibG7T;np}>Gd$GoGp{ZJfyQc` z6+)T!A2?y-jtMG`ogxOHV8~&Zu!iKO`{|G4#XN=ve0E}slSGN$gV|r*0W^4>a`~S^ zhjg+eFAZXAR*h$Rzg?`8*i*GdCZBry?hM_a7?fvYWF-$Sj(&kmCIINR$g|mK9fJF0 zW(n-m9CTp7N<+&gbmrpj>{^DvTFmR`yu|5a_-q7bU!i6B4@VmonN44vJ`8eYB)d+C zO}Smw+{XSne-%ipb;-3I`xf%CSXQcXynIc@+q~UWA!GMtP;#Imj${oPhH1P2?0neI z`Az_b_mFa*l*aqCh_t&(YVz&HATyI6+d=VcM}V*7LuVf+k%r>X*R;B;FS$-AqYf{P zQX5K_!OWYFLtHw^D==$CC9HZrm!q<^<3y|?ZX9ErkogIae8THH#JE{RR&F2EcZNJh zvPVSEE|*VZZNNog-6g2;pm}dVU?B-!{6G>zIH|P1ihWtIyx*|7DWb+kCAzdGzM*~R znO;HQuWf7`lj$Rw#*3+I3hK(|g2j=_`NuKLqP~iQCo!8_y{O$UElRvT;sLanPOiP~dBxIt4>L-_Dh$PjK8;Q{4{h`-ATh6+O@&l{)5J9AH>YimN7q zy=s`$f7Zn8_*B+>7PQvsu3 z3SAYjB8A=`bxU_(`-LwW9oMk)s7LllF&6G+^K20eXq2&s?%L>;9JqJ=jzEKDCtJ_#msOgo&ckkrq>L^}W3Sx_b`{xEh*jBGJ8h&2g4V7z=AnKIbN9uvGn*0KZCF%L z3|rDm=P!bd+>Qg*rj1^y=)pq9vv#MHfp+~W_W#92q>L}rC!j`PIb;>dmxhKsICaFu zp9BloXVxbD$`=ku*}>(g_-r&K^L|(QFixMkjf$t{0aKwnl3v|S|07*D=Fa<=#*g8c z(^iXy29%}=yha_nKRBqC>R@fT0`I*Hft2V3~=MVPi&AG$c%t)h5`NLlR5 z<1GvYymyvA1-BS2gKk{V)B6 zFw0N>jaU+06xK{KvIW6L*Wdi36=NpKu%D{3KkTuuR2~~Q+hAAP>^bp|&N}q_fxtky z8vl#D9-QAud4%RudZ!AVA90S+Ced7pt{sSeeuVAf3IrEbQ&KWO@(K{zUJ41qd?b#% z-ghu9dqX^2w?;wK6j+Og|1C=3%RKCRk1Q26SD_eldOL6oS@BP2rt&{!HsdSB?n!(M z^4FCafqhsWRz(0$;Mun*?st;I9f?Lj@A672K+xXMCQ+h^8S@7 zp-L9IDwX;h8{?M=l})I|JV~Y<*_czfD)run*Q!ssO*|V z7PwqDKdgK##J>DMZ{o?aE*QBKea|=zWh(H;x*mFfc&NGH9YAhq@_OAj+b)xoZ}ZMk zYKzdaE$ADHymNX@kq}jl%N}xgq<2fdKnc`S*FJhnU5SLOxt#{*4M%l!gccD8Z_*{^ zl2G{mMTk*)X@3- zGDeg)RX@u5MG1S6*z9YQxK9eLaht4EmI{kjdW15a|94YrH$^lS`j^~*%Slfyvf&%( zTJeS|+oOfZMH191-(8JUi4ZMl9|%OLc6Noz!Tl!4u)1=740`w1fnI1ktWbHapItU1 zY0Q@xis|Ih?c%?Zh92>MYs86{^c0UAp%;=UHPgm38#gO1>RdE-6}39^qqC%+q9@F8 zJy1=x4$CqU)|LD!TfrFb;OrNczW{&3CNth(7Yu$tNPYmDWoKP-K<1>FA#)I@{-jLx z1u&55TXP!Nj@vO>ePYwj=)2d@46DRjPCga)3j%fr@iU*}M%Z1>)O7VNR0<<+$2Z)2|rcABXzcM9m04^wBA+I&Mp| z8i};^wpa@(H9s-tG!J}rB=z4O^Etb;^9?I6ta)bP=H?k|4JCQ%6+bhU7^*aZ=(u0> zje}klqBfo{Aww^3K8%TsfW6-5>Kn80$G;s+fL>XhnnY|)Fh;=dN4q!scg{`_!(0#q zM&lLINMU=)1$o@wT3!XPmmdF9b6y9?PWCSVOsb{L6^L2#&AWBLurT9ua3)`Ae-fN- zV!JY|?F6jU;M*DvdZ)Tc&9ghFgQru0z49o-sY+w^ z&Z!8s$J#TFi2-Qbl2;xv=pP(?B#W>D;)o1|Obl6L;t`3&_arnCy|y`ul1f`|Md3vs z<^Q{EQd4&G=FwJ!|;?;_CKJh<{Eq4A&&-8;J;zy1V) z8tb!wLsCwb8H)*~pL8!UwU>Lj&sO#bjln`9OD}^^6E++XBWtKEsbm*S`}4*xE4cKy zxn>7TmA|20=H6_$IU(L)y5;v1;zmu|$UiW-1bj5pe|)yj4$skka`X+*2uPqMpWBaV z@Ybf&h=h}GWy-3+igHpGvPMA&jS+WKhh0TG59ar%$@*ABA>;h~FBK!3Cj+yNaTq6& zeW~l^$9z;7tlgTgtqur7wnhipTbD71?=Ol_T!aVxlofdTOt{qUn_&ASr24pd`j?P% zK>xpRk54kXUkS=kZagseRMp=xYEegvHudhcLb>@~^t!@&6=`jRmW_6SrLOIP$NnL2 zx_^~M$zMnvDf5I4Q$NJ59%~bBQ7}d|&vOtA1VxZ!R{_#NNK{zp-zqR~%-*YI;z8OL zpq1uwEYJ;=yk~d!KpI+IqM?ZzMQwS955K_VNq#bvSyja@1}Nf=haT~2EbuUs*HFRT zwy>X=5*}!CP9McIL&hu%_9o=hUQ1GD$ zt94P6O>6Fzf zXfK*;_JE$Yp*%z~lid*KO2BR*tvXtf=(}DK)T~of7L@xpFa*|@1Qz1b7>Q`#X1gIz z0<##+UHX+=OJq$NlZB@4{k@M#_~xaOBs|bqvb*U58R$y|i!A}rSUXCh~Hj-m?!Z%{TETbNdwcz)=Rg4FzA*#W0IXpZ!^U?PllLf{K zZeoz0ra!nqR+~IfduTwhDn*lX&N%Q`Oj)3f(MqPEVZ)3gCWjjwX5tiRzqzYWT<6Px zt{~RbX8%x2>GOV{haEx4>fm3FLIu1)78HtH8J(MV|%`xVDH-}62fAS zBwei`EO7Gv2nvxA`;hxSB~~gBzu764X?C>)JN2YqnC zlnRCq`R}9w0y=1^JPyVaO@(WT(@g%VPQYjSRE}Ry=ej=lykQ}O_NNU&$D|}?*-x@x3%Vfts;5A#Je)ek=|9`~F@Pb!97x|ZlXZPqfd(!-O?sE6+ zg^F0IpOgy86ra*J30|^qRxu3}>EezztvhR(qn95U_XI@w-wN4&^iaENuML0?ugpPE zYkWfD;(sLF9`NI;8J=@FgliNmR3%<0l;6_ZnLET&Cy_Jk@wMB{7yZ$uXZw%f05b~X zd!?yYYrbiEoOl*JAdN`HJq0NxjO-uWR7PQYFo*$l%N8{%GT! z-XOD?oAqCYQk$7_e;Dw6W2uAtFNA&2^hoV=AtvEvQr^V6wL7q1F+ct_TJzoYjTR_! z4&6o&w8E#6Nt7d|)7^$aB}-tC1TGT#VZ-RD3z&Wzt>!h3p19hEz2LQt|cZ~>5>P{L`|5gO*LMjXn~=RWEUjnP_(*aV02BCGZ`|iB?aWMu?74jV?fIW#VJ??`@`{a9{0Ep$SDo~ zo{!3|iOzGcaX7EZd$#rfd-~<<1N$T)&{wEA4$|)fJi2oHC)Ml$Hl!h6N&2!7t7_3; zLTVA1#o0G}TF;-Dxi-}%`jU^VX`KhsKIRg1k!y6+&UmmjBZY>j*|qd0YzijxPS4pZ zX&LYO7tT?^pIS)wJ!QRvw6H4AOTZ(Tjn@SOXHpmN7GmkWnHb`iYcTi<45B4*=XYTMK=yn zh`sg~@6d zRM`#@_M~PTvh9gzq!M57H3jM@eY&D9Rzlhay8__j8a?hBy4M7Q3>tgkeea8pF-&ng z|Ge*=)%=y}t2Znh=OetDf4iQrOStE!u~&QCfW1#R79g0JS=BbRjXs3lD@20Fz|rG$ zDV`5wt@5~qtcfZ8hfor8tZoAatHa{W*@nH+@BlmdP1ToJJHe@^Q0{AEu0YGTQ#Kn{ zSg5W$y{JZH%xSbcW+ciXAaAaYOuw|&!7Q?S<*vK-&g|9sBjzQ0-qe(Pf4iI&c=CpC z1=t%<6_+^dN{2Fp(osOj?FG?L#w{>3J{S+Uxpqzi?K!`MpzO*wTT&h=<9`AAXUOKc zFkKRZ?A?i>Pds%YnA_bo5UBR~M?xK*xbNcI@ia8&{94B-Jo|iRAkkJcY|E-zs9J>gF7h3}XtB~?M?2ix20#Fj0?RG% zztch5UBmQ&OL*vaP*T=|2MliJ>p)+8GsjWc2RB(YT%$YfNNGixMprf`M{4JC=Id-( zD1?(^CGX;Xa>x6(znl~>RYmeu9hkQk?}h=1eF8=aOK{u1o zQ%ri+P992{_D+r;1oLpd>6VNzd_-V2G|@YBzBs_OHN60(;D1C7+seqbG1&Q`pF(rB zJ$%FQM09B`9GO28U;vX|IuC&a%&ewGy|gq&&BQve7)qpG{jd+re{4?lwju>+!j zRgsUs07E6WX^>c7tl*88(dG(E;c%a0yT)T#!rc#hvBxtkUMUjHX?l}sa%TTj3nSwi^Bg|=q z0{iWDfAFy~ka{Nk!}BJi z=@BIo+s-13PWf~f;RCdAX9UlT4+%qN9AadE+6o_9gP(*>pf7Jy_ku)hDB@a_*I2zv zW9>SsLXFCVS?WmmJ*mKAO(>a&LQk{HKEj(-X2YR`T$&|bVf-(_(Ykz+WmgFGMfx;Q zdJo==iSdA#{XRzY4<>fI5K%cW61h;>;xc0O6lSMd(v)!0e5m$s=*BM1VtIWf;U5pG z;HquAC@JL4O9<>*Z-E_Sg9w2YpJy}pH1im zB$rBR{aebHb_D5?@?B?fe$@@^lNILLDzOHUdrbrwnct4SfDcnk`}%H{cpKD(%587* z#%I4gk~If>wY+k}K2wDG4N0=??RR_5tUJq7+35zcq!Wi~QnfierRx}iCxf)Ds@e}W z`yc;i06nUjlJU>Po20RGz-8u*1my)KRo(M|9zhhq%jqAY@g&_jfPlE!z?g*&E@24F zu2?beF<|@>I~+VxlfDU~a?NLug&thNME|!WF35Vo=wbc*Iifs^Dr8eKZWm_+gCgzz znS)Y=h%SMdVE^hY6bomvgZ$t$pg~0lwDg5(o1ByKcpzbJmW4tVA1op2x&xx3$ZI&4 zFwmiRagpw1PkTGnyH(Q$D4s^}K=CL1=Vo&dmyCywbAPvk!Y@?T#pMZ*TI&dps8EMA zKx6&25F9>t4+fN#Lm{UKIVx_rKJJ;*_<1E2)s1AOKa{hKQ4=8Yz<<8~0f(%A2K7;$NR2crq`|Uf+NqE1id4m~%)7uOu>n$g=KWdc2KOPr0<)yk4PG%7j- z$fM0i>@j2D4^Q99mIT+37!WVD@P=S8J*hB$V`FH=3k)Sv5J1w6=LXEDKZ*5@>P#|x zb^FjK&qAG2hd3%Y>KP_|#pSMMv+)VZ&DhbuP(Y=HMlvm-rK46S zrhBzWa@`fx-Jz&ch15bx&0?eayVmEFB{gD4qI;sN;8Vl(0m!E~&E3T&$+HQLKZhK8 z9PX7uApY8^p!a1t<>!1KO%@#PH2FTY6|ED2@9PdMDXx(KxrWBcAru%j&7{qbt%8h) zLbM*>$64c-OQaX-5(YZ#&oP!CM6mzJ0*P3OCg4k`QUo}}{NDI!m#uNL^D*R4>oZ|z z2mvE57L6Bbaj-a!*9G?oLj!#t0~(^!FW6q$$&$=BuCZeg#c!%Uj7qj>q}_g+eoP*9 zC&X_padiI@%t>Kh!m4R9P*JOUUE*iOG8>MH&==gV`&y!kJnv(BvV@0$EeKEJt=0?*P*O|rmUqa%o ze+WGA(*)wtl1wG!@vd4xC=VZ^JDo2%bN)_N;Y}8J;KpBkK#GAN_R?+g52iBmO-UY0 z`k;4%K@p9-5A&1}x>S}DNjWG@le$R}^UiTn^CdN>jJC7e|2zPeu0NWAl}=P%T1{#c zCMJk3QY4hG(D4otF?(={>4#&O_LXr1If5c9XSY@-<0y^(8c8YhUXjkv_Sz8mBmj@* zN?p&)lib{%4riNuvbrvYJoPO;!{=a=266-P zEaOI9^03(@e_i$1U^FV3evyB6>D>GIIW=*lZ36KhKhfk&pV-#enO z%m2Y?=${*EF?3P!uQ$2{uI@$rc;x``-R?+AH#9Yrkm*O7fSxD9=%3hsxQbuqaEP_k zR415nI>E-=`E7iZf&U z)ZxB%N{$VAHP9`4@Rg)IHms*kuz?aO;eCK9iSo75>NY|Dr`eHwL}U|~=0SAiE0W#-NRG$w6-AU!P%ylLq;U?NlVAS89z1>>rx z@@Az_SSG&IzC{J@uNPrm;H*A!ib&S!>FN4+Hmp-I#1Dzw~ zYnRkVGeg-A5hUzB3p^dsrr+CVy{ns%bnbgjdg;n5e$ygDvql)m9u2qC*Xu>;o3$rT zu?zjc)oH_7&eHEi2qgW)@N_6joFq{@i8+%#8rR+${H9L9)pjNM;?=X{CDDj_PtSRN z401M~Pe=S*0t6_$bAH<#9&Q63m1DjD9p*%X9iKDC5eYc1;!q8~We`u5>r%I$&z{|_ zN$d$Jb(1QErU;Pjp9_Ao{JBfFKOKLs?Cso^wt8p5Z=~_PUQa)Iu!ihJvF_Xylbf>I zlUzpJ4Hid^8jpBH;Wg|AGr^jZ1n(BQ8OmFP52O9SolSnP zX;qy^p#2=hs(NK;dwPUVk4+}2X1sHFZ@Bx|y(NCS>@)@@Ser~!JT0ZGo9*xFm(h59 zddAli+8o6jg7>ZxQf_{4U21t$Z|{hi-;t>y<~=w#Ay?jyNN+ptOe|9TI#CIDX{7eH zgUdMrELb3`+sDWMg_z1EJrC4YBT7iegv+(S-NSBvTConQS9Iyo7-EAPqf`z>8g=d= zL7JX#f*Z`XEC1tipk^{D5DqJ{l1q6pg-M?}5f|k4{V_hWO9)(XJW0+ps_|=T#ZWUZ z3l5`SG>;Q*Wu&Ji*@W`w;#<#F-cSd+@gZlLB{2uxqM;yv@ri1wN`lssyq|WQmYqW7 zoF*qNy9q3dABk{yrq^4Sp>j3^pQOa|kvFd7nPb4lz6c123V2NbKVHv5+m%)2nB_?q zngrMw!tmC z<^F(29M=KD=T<<-6%0z$&{%qqU}Lca2AH__;#3i;_*lv~I(paAKbT!1ZO}>b9^a2Y zhZCSOrQX5;f&sT=MSP4bPVK@;fxQWX(Jwj0-kmtx`?UCneWBw_>kiI_@owf3S`-93 zFwf^T#_3B&%+V~q_IMe1 zhT6}rzEaN=_?*!8MM}kbo7Mb8+!D2ArW`I>eap2bdO0OBagguOQOLn`mUz#r7Txj8 zF9h*cVFVvitb`$i$U`=#fKE`LyK83!P|J*XPda&T_mEEhIVQ*P_72e&rd*&KbAdDS zExXq(H|1j=x>r_AyRnp1;74i+kF>uK17ygBU94C3Eyd>@KtnxI`5L6Y2u)d*J9)UR zM#@C(Jw!LxUl_=|bxPkFdEHmn`%PG@PrIoMLvNkQqm(8#b{|+94e$6Zq3+UisMNo^zV(-}%W+@DW?>K`|s4wBeLw$Y2k&Bk=3Kb6+rxV3wh!S%OXuSJ)uedVT4VfHQcZ(`{gMm^hes7iW#h|O}p zdkP9Yq!6m3H5sQYIZg|_SLFg-e%^4paeD`nhGhhWYsmm@{?^VcMOuK5`_^BmeEwgj z6l474Uqh?__E`TUuu=#zPRbJu9i^an)Q0p= z=Aciu*4-_zg<)dFKe51}exgK~AIw$VV0Qoyoy9|;(ACZ-u(Ka9Q^KuOd`_{lhzmJ{ zE5n!BdhVYjF^BzLi|BhC{K@lkZ5hLU#HOsaERaq*Jfr zsGYJ={X@NCJMSMsS+n+Mz+Z8(=sNRnbamMm;R2Ug%BHc=Xp4Q6nw^-N0t<>T1}i!` zCybbF_|d0|&%ZxPZCWq%Psn7exA)Ry3NpXhMDc3*1YKEQQOTib^Wmg3{AiEat+7eW z7^1j$FhrHBCT(_OW^ElRDr`RTvct()4*!UhA!3Drl*$tG51k?9Xm$7U2Y20bxPn&A z@qov!L=;icH%K8>*EQ(jVd>h;KxYqZHvR#jYT5EO1xWd)_-@DSrCa-5NTq;ZADkBZ z2dzacf_~#~kwt%YW7-flLvjYie5eY)7qyxw7ZA$7ZU$$i@cHP2Gi~)o=yCig0w3{i z%`npNouEgy##Rp*fCYJhGt15tF{yg5xM9%m}K%oHwSi86c0Rt&? znD8LcfPUr}u5(tAWWVQc99&-v%HMp6#8GpEZ?U1#-g`XFacm|yeUk{l&jZ?@mw3B0 zWTuD%gCY)=_`)8DQ;_pu>`u!Wm7bBS&KEJ$1RHVZFqi&}4lGOBV3Qv{;z&|yT9J?h z83gB9coftU%j;;>j8z!z9JS<|QjVUFXo+*~ClY@$rz(2agZ~}3Du-GJ>0X`H8_AqtY)X(hREShfmBR z%*ixM7AZkLWn3z(?8)ZDe~U{te$#xh1!+*E2!}uv*|q7x2Aof~O|bEIK$A6eoVWfr z%vt_`_?OTR;8k&=43}YV-FzCLxdl!xXnBYd_?boTKiU%A<+2t?`SeIHN_ll1(DeIY zNxPga)+Ao${>bIsPn11kgU+BCcsEWV;C1_WqnQmTyl6az>KN}KmtiO%s<%!7% z7h_kWF;>19mgl>?vI)+ouJ_6Bi=Zt_8z3XOBij4t!&p_ItkzdJ+X&>mOrJl)diGhc zj4-?w%{aiIwXp?WIEjKJg80HaGkeScOd{PXX#N=V6g4IWr=VjK92@$>F~Hju$r4446}-2n{rJ+6*Dop6!^2mDtn9b8q@b$e z5x@%`IPy#QxCWM1PY5#Vz*u=4sQiP8Dxuy-qfX+Jld{%HXrbs1ppc_mMJ_Y;HAlE3 zeMZic2Me*p6S`9H9Wb*7r509cm=o+*zEmJ!VW2@~eDf+DFVW*}Hhq|FC=BR~h3U5% zGcPwD&L6zdHqMMcPTzLH3)4Qn9E#cEOMSIjby(}FkzMtSQk+~7%S3EpMtJ15)fTj1 z!N^)b_(q>@@<4{jy^Fy&VYePQyloQ^00;e zPH9GMfkpvdBv5xMU`7`Y=c{(%nY9)w#*_UVd&8Sl*<(T90?JOeu-D zpLK;?Qc`!nYz{*w?xVwRq|T7IVm_j%s65~7<7?qzt+5VSxNsxi@S~y*S`EJ(MpPwI zM9;7ilr`DCPtK+kn~vcGa!K1F!F(;>?kPqsT;P8m$)C6iq!Pqm6BGQ_IgxO|yfHTT zhJebzjEI{sTO{D?_WYcZOmP2U&|^FjczeV9Dp=k(glXHeV}=^+;tIa>GAkLCD$&Q^7*tZh3PQld_Vz3k zW>5-6g^-pLr23*&1ihad*wTRt!h&muc-N#=}=mXF{_nY&@UUN-EpKibAm_h;Ko$ z#!$$zkQJKWWyjjn3sp}mU!eD4rbAUmh8iiUf)$f3x?uLe(i`s%op&YIUIuRjpJ^%B zAi0{>UX!F1y>{;fxAB=fZ74SHK1hb)Gfb=a@X_Mtwe464r55h0+xu(t9VmcctV~-% zs2-AviVGkG6>!Q+rLFRKQ}EBqV7UJYhjvOr27VlWl1o@(NYP-!h7h<#<+eht&Cy)s zjIQGgihJG0Sr1f2*Y$lDFvwN$;9(`o_Y2);Y3lv$5aN^wk^@}7RdCx1{vq_^&BY(Z z6JA>{|Lh<27gou|yTjkd|I5+sEM*_BcKPl1!+Wyp15BP%-1*hd-{|6LYAdDO*8bAZ z#r1V)@%nd}@{_QTDJZ&u$uxa*r5AV29?VnrkjEe$k~fPZtejvFaC0`2n;CB3IVhfU zC-KVoik*ySsRkHmy8n3WO{lxIE0Jz|ygS~U*%%N5y*i*YK-_~-3xNGIFrnZ8g3G2! zr~uc@hG}T6&(^QZt+(_21*mAvWfnqwcxfg+;15o$)Cdp@@|V84=3>qv>H(}1EI1>v zj;sY3VApLJhC&t9rfY*UWSxA%m;RCcKc>z(IL`MC_Zypy?Z#?s+iGmvXl&a?W2>=k zt8vmeO=Bm!XTQHQbLRZFJBxW|-sgRA-PirOg4~{3^!ll6>&%VBtL|BH%qLPO_;xG@-Z1|Vr?@I!Uf~8`{ zn6{}{;W|MBSch4~cz04z6e-ImJ9e(~__$?KV2ivzfHlk5eH@~bob@nChT!h-Qy8{) zcMO&%QAch_!5I>ViN)|cLi7|1@ZEEe1eqFp4Z!7U1iQ)^85na|As~Icf)m&8jp7Vk{;Iy9^ z#|j;mqp6`_OqNSG;*Xse`-{>$o`R1t$JsiT;nuOJF3~U+oWL6?y?1$K{RqURVOry5 zeTVqpHPD`d_zbQ==~zvmhQAE#F34nvWT%VuKar!ia0WF+G47N}F!|(u?HhLt&?znr z?SiLgqOCE?7+C@h5?b3TY=fXt>dpL4QT6YRnHiULmBoE@_;ol5soPxc#(g7ZMRji) zEJLlg?1YK8nL~;NJKPavmnt&1;`Jd$u_9FeS z`j4cQFy4P#8i-Choq?Tj1rB^aP0~1nI|ZOGbeDau9U>C<*2`6R=$7@Sb0oJBHP)I) zkcqVgemVmh0~euThKVW_Q$iFU`QEhNM@$%n0^6}J`#*3gB5{_ez zS_v-&@G*+mHP=7)O6oA(1z2shMP*_l$BIqC!Q{?;efoC$+<4YcX-}caq-rCrk;)DQ zl2?a^T_zl1p6UK*S4{gFNA3S9n}R6?iCHxU&TM>Jy+=~tLbuM|F0NKpjN*BNp(aS1 ze`jh0gNUhk2}UknGiYQ0XVTT;{`IF}-Ok2#Ya>obZ*cq=AnmfZkHnkDdb0cOLMBH$ zgi~SMXSvtHwcEn)>h_F}-FMFI7Za3%)T*UQ9av)rI%x{~TlRm?fhn?;M3DR$Y3Q36St^>cTjp#hy$(MY7BFX+MlMGnJ zupnhFK-yBgVkxxa6DMk{>v638Ms@al5r)H^`R2W!zPnS*F-nfPE}}yelq&8)Np-C) z8d%W}!?$-ihK<|h5}B(%xpcBf7 zgPXJpBKR&ZR}TL%o44y)KZYk++*28QgT)~4Ws=w7^GSAcJGv!rh&#?5L_@nl@Gv(n zLVVGT@u!pS3f|(ZV0)5FJt0>G&`?xog!3Bz&L}?|vsOgNZYQEyFS;hcehPv(t>rGjV<4A-Q}{)?c&9nOJQ}l35Qy^yj2;p)YYU~ zli3cTugb=S{;36!60YV8G12c9!6qpS4F&xMDnolKe6Q2W6)eS#Dt4a|b^U2SwWFYh zuB#h|wV@U`+~_CeRzR#-ul1|l*4A^|0w+fEC;ynAa|_CP=PJf?y;^Y*yi3K95K3D@Goda;h) z@QJO;8MSc0u6YU9%-6P{jC#FQp}*g!&hS3ju!^dGxx@TK5j>JI9iy0WtRq!WajvZj(bvF0?y&hBuH;HM-TNb<)`jFnNl8sYHQp!&h9Isa zGciDm5$RxxPUJR!&!)`f(`LXv_jecX%VwIjL7$Y(Jm`R~Cwms5auRrXbhGjc#Ivn; zAILzrNkfLsJZ_qxsg=z*8+w)Nv2gMiJ6-_Sq4udqQB{oAlFI)qR4A0&e?hsKwu=k{ z6?u=kh%lt@*e5v&JCGqaEBO?{*JuFS{N zZ5(U3rxJ!fC&OZ`$Gr5dO#y}66=a#^k7D9|>aAC}vq!MNrRZtkOtq$Wz2e`iFOne~ z+P7=0%Y>(nfdr-1?3qF%yQ$n%!a zYhe4w-|MUNzu@2;kd}JPX}`x~sedekvfs3&)_S^C?>fV8@67M~mi#URCr?MM^*?3+ z>Qts#iw09_6AQD$^^WzkJjbc?9HPN@J}R>a-tqXueVro9*D$J!2B;232KTBU!4#4Q z|9g)N=ONE3A*g1I=>yFXE&pEqFdYU8@&mNiUiSrfkI^Bq}+*jWR_mvA1W$;>Ublrt5=pmcul@3yN559&u%=q z_eMyc^9QPvAS1Z=Zz}a?Knf?$2&PmT|y^S`hDVhAYtLvIj6TJ&gis zcnSF`p%{^CxPmCLsZn|qYXDr|b*YOq3+fk`-_zPl$${b6kN4N&_Lf&cLi5ulc@>0v zFreV&yL_svJXjU*a?v+lmN<3E#e{kz{IRf>ca&1b)Azf&nQQvD1X2wJT0-BSv=gf< z)>m5A7l~q#jk?){%9OTVQ)UIPaG=jAca+EHTEd)02+w3aCDGC9@hOz=$y5YJwOYy{ z|HJ|l{rMef*;3u(D@)w8RV>7!H^@u38N{c14_+bfbSF%mh3l=V#gj<3hL|UW*YG6d4}~R-op6?dVDup zis#knFX6Zie2*-9>6fbfw#$a}^-gLg($uMVL^Fd>!!RTlnLpOSh5;(Jk3*~~m&oR1QxJ6cEv>o8C&O^T%K}_(_;nx@h=K?9)4}+g zZTRk$%Y;mll~$-J4WeBT2H6d@6dmT@3EF#;-qg``!;Qzt z@1yXiI5+TqaCZ{iO<^RfTA;$tqLK2UP+}jmo5ZNKNRrDWyh1QJD>N4~n>Rl1LHId} zREatRbGt%}_LcA7w|BCq{^izC`O~d^gq~c)Et_`N-Gt61GnPR{N?EevSL5_RlQhIYYi=Oe_d?b=3KtgYBKCHL*BBeus>}e zYoq$dxeEqD1+4~+x?h3W5J0ll=w&y-!M4QUU0iJ5#xkb=Y_(Z)=2%!=_-1Zh8XmuN z%4g#Ic#=5U@P;b_q-d$etbxPRM6$7;BWX&K9f8s%Z>Ew8spdPOI|7}dgL`)&^J#_h$} zEejs&{weq;13~v`yHU!mjwb>*55#B0kU$AI5mqW)Bgo)d@?A^zC83T%FIrdxatx7B zLe|avG5gHH7thQTxeR2T zpk>HXe^gAQ2H|NL|H5mTBZxY6E1KE>d;ms&AY>IB+vqGCN`-*SE*ItC2+zSR!1`TR!l3O*|Aa1A4MAc!iN(h_{&SR-gC zl7p_~$M6`(Rw&HI#~^ok>cl9V7v|p-ltwG_o*cDOaCcv0b$C?YcjyryW)Sbq;FHsK z(qcIa_=Il=X|rvHt?PSo8ouL{Py*@Q1-`@%jj-Pd6Ond4gM7!OFJG=1=p?sF^RB-< zE4;-12COHQpeNzc?uhj^sqxnZ|D3lKFfP!JL1LoC5qZ zUByV4OZd8-WW|nyXVntvr%&?{!QF_ty~I137^w87@y+fVcSIqWi`KA?K1`> zJxbtcKTwO%mhw3>A>+xNx5brB(9m_lvBHX3`W!_bl2%sU3sXTD5MWdagP#T^xmQwD zCFQke5Ch%G2ktvT51A;JWE00ZR_nf|M7;^sgA~gV48_$XUX_HdJXmqn!9t9eiZg#X zx5G%_?h_@KQK^QCehz>FZw~9Z%IscI0AzRMcfxy@TcW@Ruuc=ga79*CO(%6Y+gL!ZsGJA1=5Z{5X$}y0loBt^n`$k zp!@!TlWy&ZBPgl_k~Z`B#fJXGl?pHgjaDU^#Qf=oDw^b_Iat;FF2?uv8hJnosrLdR zPshKVFx(2DPL!KBZ2%i&hT2as0D3hN0io1loKG1)fFnV!;*T1*dB&FQ>DdLL7O%23 zxY{m$6Aa)(L?PlPscu0i;K{E59z1b&5V(JU3;azy{-x;j zOB&OE@86m^#Jp&234&te{fmG0FggQ_M`%6^y-|*22C!o8lyOF3oZc4RBFE? ze32`njR9^{GEutGwBimIbOX2|MRlog>NKzK!tmXuv4TNh|7_ovT2{a*maVo}CVa3R zcnX>)S@^8d3!gGru!Q{!fh-hLSlIUpf$SWIAF+spH5e(6mBdq;pQw5b@I&EFFpYqq zq8+7L5j^_F`V5FcY0nMPfh{`eU=0aJ9?EO`+f;SM6woNF#9k7KRTi z@}C`%IRH==v4v99-qNys`KlaZ(!fm+PqNQ(felM3IP^~?uF^I8&VGP=V=tA<;c1gg zITpzhK4Dbd3+KVj%UQg!;jixPI`m-?93WFqC&L}~U;}AT6bAaMZ@M>Lyp%1D5q%Am z-7Zxq|IE*)C`*YImqFvpLdIxwR;5(8FoopFvo$Zsrw3pGxk0QyVQEX3|u z_~~v=W?sHM$I#2TV8GZu0R#mKNF3{aGlY}+pq}y+xzrO@U1XBWn=Jd~2jn$+P|)EE z&0*m|mWz(&&K5X1Q0DMZx$&Qv$H#$R_c(bGvUIY&WGN~Rc|}-Jrv$IaafVh$OL!D%3-6*=M%;tJ$MqD8abfa-{lqAX;7lmg|{EW`)#xf~hVhQHx*v*tUL=F$eh+qH^S1xur*sD^#{{esH74s1~xbZ_!7z0DWqA>c+P((Gu!^ z@0F7GcQreN(I#5#``@HaVR#dj&OWWVk}e4i02A~CC8S5$N^$>vkj>KF0xy0cC}9Qt zzaLssiP;<*{D~u5=jLOXu)%SgeD;B^YPEM4DR6l2jCYh1jEzI!38wQ^GK~N;2^Lwq zBGIr|y%{Jbp=l*tg4(J@BJe4P*1D`&JtZAg1@6he@16B%XULk5QuWE11TiDhd$F1av+df$rx}JAOPL?x5!>r=~@L6CyFojjc{~RB`R>ZtH=((4_SR?`EzL z#LXAhPV)%5kEh=|#N8Q;@4q(Rp;kQf5>0>DWcQ$2Xpq`qcsMJG!ahU$Ld5e$#cyua(Kht-1zo%r&>zAJ zS}fB~%&HCW#KD;ORW*YWGI=&%fUQ$KryA0ljE;H1*^N1wzyyppe#(mOO3?Ubc@AUAv=>PdjYBxjT@!3j`GMjhtx3;KFE zw`IEjbuc%2tJ2=7eDauR5#L|_@HvbXw?~I3cC8GYfn)81J;&2I4Y<~nYd&%bsW3&l zo%}?QjuKLdC{MI>4gY>E8FTF%=C~lQG~@2KFb*&*A$L=RAcgbBf`Q1U!KK6hGju!{ zH-4u!NXTl|$MvVPUH=9%baWh|Ab+_0<@IOQwpa`?UIYwyWWQx17-pp$u?1x&Nu?f2 zvTF$CJ41PgHf3h~-uLG$u?&9Je^E_ajWlvQb-l69pu)iHqezBJH1YxCr=U=@f4L3c z4cb+B-=68`Eh75@?1PA>d(qDb#NrnCi_l5pViF7V*ni;I7!iG0Se`PW=Oog{!3+75 zDjaJR@<mAXXtVV?SkK@ko(Vh*kG<7Rg0HvI{5X79Ji42S6m$| zh@H8-7|ZN*gEM>1A8ER2gM^RYO{tZIN&Bh)ib<7cGJKNC)m1)3vOce1I;bZ_qhHvE z3}oH>i~u3ZfStlFQ%8;4sSh}1r*7iz)QknJ@qxyGF*N%jU##L49+jpgT~~q0Mq6Vy ztYJD#;>5N#2uop=n}#@c0Fww@uN#m^Dh*KCkCl0prXX2Mc78DnA6+>hBb6*r%q~@) zbRbgpnt3jHUiAD$)?>fX0UT!^Gf8ZIwtN!S6o%>*?sh|_nb;65qu$9+4R-Q(@rSeZ zh@St0mRu&TYTDVEXzC9&L!hL&&BzIyj;-H!;`{sPIUtx`4dy|$a2W_>HLWlc-K2rYwFZ2SaWN%l<$ z^=sd3$PP!Tit(X({+D81yE*!#?{0uyR>{4?$wuhKJuhV7%J z{CKL7uQcmp|Hzj4O~E)mcvuyE4S|%Aw05#Jq1wyiHP}4(7^;AkA@J)$rV1oim2o4Z zq72Wks*aS9PW$e#ei1*d)FoE*$HM|%8c_z((3l>?OjZd)tz zNq>|EpPgvFqn1=!g_r`(rH-F06K5wafvXz0`Pf$7yR6V_qFgP?C?I>TUuP~aZ1Uce zp0}XeRqWIA+tNwybkS?`3_@fBx{UuSLeut``{zrRCB`t>5F2}9SeN+Iuti>jV(*&8 z?%_>fJ;$#kA%d6w)L}JX|Ig)6j}NeSH(tMC`!Zh@>MDCR_7`wh{L&uh+W%cVQ1)~Ikb z66C1RiFYML$v}%o*Ok*~BVANZ5V~!OJXUc~a_g<*v@=bAaPo_*IV(AT1|oAXlvEgG zEeZ`L{)-EVfA$W=%B<{vgr>kUuw zV6*&T6d@t2Y32SY^5!re=IH9>H|$4<=o`%vHD=!!30LLX(+nj_#;~1CP#PS0!?pzXD{JBK3o zW4*k30jNx!l%%vtet4gma`TIR0nG7w;mMn2l)zgqylgi$0dzi4vH-;> z)G539hzX%=<#HV9sae1_E*{i5`k?WY3eUb#l#Ba|3_#Qr-&Mk2=qw(K#L_{=Ur777 zQ&(T|KCh0@m=&*9^UGDN5%BxWNXVOY5(w=n@pHPp#6yr|94y&1`=sGSFwu|aB61b zMqzN*_KU0p>Qz*U)f>%#mCjAfMddVHt({7wHwQhYwS^)^9CbI##leYXby7QauY#`PZd=jjfDbj#SZ%3T*jIV4g%T|Wb4t!8drV@W*ARy8u!03OCO zsGtav-JeZpD?W`s;M5uaNry{pZs_2uz%>y*)`+4x5q@eKb8-(cath&Aw*Tu~fVah{ z`BjubP>7`QKppJzqEzaQNxne9JP})zz!OV8_TY6HqtAiBWr9b*QpOkq9TN@#AspOJ zBrbp324C$iU8Tc+U$-iDZ+S2mq1jz`CuT6An{ME4Sov7=wzl+Pry0EIQM?wat6Moc zMigsMGY5?&N(|<{dRT4y*{yQy`Q&Sb(u2@{7aFLX>HtbKv%P#H)F9{;ZsuvrsD&z# zZJD%)Rcdq{kZiBk^R}Hj2?}ZQ?A=qk=HGKOqu!O2wRD3zu~5c%Q0anhhl`$(rabqd3hoy* zBj9y*J5c#e;4OB`j1HGl2%h9m&51TVk>*&k~QA-MXA&*PAmZy zqO8IxJ6&D>(v^{3Wu;7*1WCHxmp1et3>D6Yumi4WTAouP-VY6V1#)GPV0SOnrd zyq0?d4gUgKVN0F`0t)|*S3v9Li0QlV#C`d+B^7d*<#C53*4%V_e-JE*{Ea1q z6DLP+!;G{Lj(Y9E+$D)VOa^o-q8MW$>PmQo|0dE9oAdu2nX@Oe9xY zd<>HWr<;oljF4mX^c9kG9}8UTN+0d^=A<^Ix_@I|il-KcIg`r-24C~q~JbX2D**Q>d za=&e62|F^T$Tw7l8h{7^EQuooVwGB3tHQXP(EN+4@8nowsa#YRhm_3`WQXllCKHIq z$@T?R-t}>ne0j4Nf&P7dKEE`HLh^HL7sb&XVtK3ZLMl~+Aq_16Li&Avpx2L4t`}#Z z>2y8}zp^Ww;jV!&(0$HQRug%!UXNgsON2EGfYtI4>^8e_H(JwFz5lm?WC!zQuin1l zDG_u#7^hnUAMRL(o=5m9MYVBU6Nu{n?x9YuC`U{Y(m*}pfuQe(WXzQ}yv!eQEEvdDsW30;DWTzHIn1D_AXL_T7~{Ul2reQRsn zXdf~ZWZ=1sOsizt+Zuj2Sd65dOty%WC4}H!&j$v)78Jr;2^aJW_45V#@Y?$LUrLkkPuac)iG{zQ4FI4&B{!oriowGz*W-`B zX#d4ubdW2HHDe<19B1Q0q%4zPqgaTyeR|JfiRl)5$CelJDvxE*nfSpYEdVvd+6zeo zZpKTBHMP5sIwf1^vFvw7AT+|{dNQ<Wlp7MmYs~nH6hba% zv(-{b7alGMr*+A5QX8Q_42v11zUgBxk7AoF9qm z&=|mfCfVepc=ADfQ{`!Rvup_u?0G&FJcZdC5l2r3NPQ?je>-q#ng+S`PvaWm+cHFt zkxEfLO$XAv+>5xoh?Zm~vqX=SvSC)a`@Cb?=} zk@~Qgmk3!F(e=wHZlO1wmCb(SS_Ntj$%yn>csllNNIcjdak>swod_&YmSG%hdEv5? zw$xQE0z+Q3QmqgMiKOyGoR*BH_Dp(}HvHpiF~(7Ziw_RQbfnW_3+5)WBPd?qfWASm zIE|&_%~@sUX0qi=H*Sn5%XXMJa7Q3oZ zwGcIhp=q&Yq~R2^_zf6U$&R#9Q*j{nbO;^7hI8;8FLq?3ftRwsyH3Exf4`s^ z_DJ}`g0>>R{u-}qJsTUzj5^qd#6+tG>lA-jbyjysg0L(1FM(E*y*lxq`bfxHrpg{l z*GlIivCg+0gpABmZYiOcHMS4MZSuEk&|jj4`{zY-P^XvQ;WjA$?^WF&Py=`8|Nb&`X&=B_c)go`ronXg@pDAr=tBZWxvw6kTepdA;n?tAz{- z#rjMkpE^?jyycrHq!P%S8cOumg)O4(lgY6E)_%Vs{IwqqD~KF;(2F~P2&k}@TZ%*l za1B&!GT6v%BLa)4eL^t`Or`ABjKPWosmyBmv4&0u85WBjPBEH@;9vn=Jwzj_fL(+? zKug&fCJ1paA5a@UpJT!jl>Vi*SILA`HAjIf7}+>m^mj}j1<|=eKjpF0$*sin&(R$+ zShX|>R*~Ykx_sZ}^9<=S@^}ek?p}`Y_RZyrDhe{?LdQ@$tbsU+MT$wh0eix2%XQj# z3~)i1ZrL#LXhRyHhSF>61^@~T4oYlmNWe$vV_~oTT+g#U407?-H1C094ught&pUBQ z(IA80Dc0TwhUtWfL3GxW@6$vh`wkyyJyX!X=nKb6Dq=kiK0*afIr~vMsX@okZV=6TU+_&z4S?QpCNfe>9AsifW}X8NrU`&j?si25a~QRx^wR$-+kXhgA}}$ zcW|Wx$$!88>ysJXI}Wv=C%QWa1-PSHD%5WVvm~iGUsDl6elJaF5rTeiXr#oQPXFs< z?xedobGu9U;Slxha;fR%Sa@C0SBS205O}|Twh#|;`_TvnZ0pPZ24vdS2j~19Cx_)b zZWp6iiR!#cZ@@h!H zFGMxf1VnQyusAQ+k6i(W3-yJ6C=|&pkrR!1bM#_j@WvJ*EXul?aj4)ICN72Z*!p-l z^stx|K5p|AWYWQCIJa(W+Lu_9A^txl)Hol2wBso-?&T=WJvc;F;vb8eUnHe_sNoVo zN+s{N+n*9*dir;kDph*BxiAz`X3U)qJ4PN*S5g_V93yM>Q1zuot)71YCzG9ougcdBV|1pD>(MQ=@t^k|S1^wxb^GY6I!+Whz<0!lX<;pQ3 zi03;KS&_YX@d~A&Zp<>IN2#=m7S7c|$Gg>^J}Z~=ld(PaxEhYx+}Tb4q7xN7q9bd6UT^`p4c}LxK#Hl+~}aYtU^+!;1i4 zNa}rBgKZ((2G{_9C|8V!r*)LRx+_Tg#71>J%i^5>})ZlScC zChys&gj&!M-)_eBZeP!v-_zmjt6u8iIYF>0(ETQ|^ZW)JIVe{FW(c`J;20~u2BIcB z8N4?PgPWn(!J0wG)ajc`C2&hOXcqU~n$Ew|Nl0_iVuEy3-vBpEVJxbl;PFx$C0g?uq3$y3W^Ej*Jq%xq_-dKcIu8!$ zZt|{{$tfiX$DUuKGsqC9Icqd<(=1${oVMW9$j&n1A1ks!0misa-i9%$ma^=K!~ObO3;5gRwVO2S&cr)p5bfMt?WU-3IpC1BR z3G2d|se{PP8~+fvQ*8X;ini9UD5#e(fdjzNbq%IFxeyjud0P>-T?bDlvfvTrcKXoF4~e1L8GPuI(rR8_Zpnd(pt zf4E_vkIla*6po{?xvh`eumU8N7IcqDshyTiY3g`O1d)(dzP8h7eohRg2+R9l6>&?C z21n7{C@QG=-v-mclS%6BDy_ny-xPnhyl3}9L_n}eF?5+N`Qml{zz=mpG-eF0Vg9FY z%7#gp;Vr(+EpnKkp-^g_;OTGtG3JmNnS*3SG~hY@lMGRRgsU7dRdU9ZSCaqrbTrYt z`EwQv+*XQDU?N>QmKk{HdR1rp`nyW-?<2q&*CL&ksj3FYtj>Gj1VWxd*;88<*W-tF zEcDzK7Wxr=W(}tUUWgI<3+up0&tl{qx&o=tJ?Tlj5XvYaaJUC!Jjr_o^l~jHEd(Fs z3GM6|Kcs;+apcVJu&67D==-u9IUn)xJKOUo8XP-xRt6&BP`qMWd7BWs=V(E z|B8q{@=FXY`!7ZZxr+uGk3m_DqcHw$axFm6L^25N8EyRyl%9q{R=+F99%#pHZzd=l z8QjCL+EQstI%WZ`@u5(MnvkcKcn2_ zKIU)x?1IX7l(~#M&tH`1S>`VA zWKf}lBAgFqo=|FONolet`+kg~BRv!ybB?aCneDA8n1fXiCd$xeL3Fc8j_m!b&(2n` zdOwW&=~|sFbKELNAMa6A7M!{_9)$nrR^SoozBVf8^}ct-eg%PZo1b=GSS~-%YUl~~ zDGDF)IYAC{8`aanK5p+UlPpec@)26wQn|iS_%GSiug8-`F|U|9coBpR0@dn|mug>7 z*HLtA2cGq#+=DuzVh6|hF)h?JT+EiLj(^NP<#i-+vvLvS{4>@S(T|M1aDH~st?!?( z84B-Pud?pGXtpZgG)#=0DtdCzWwyy>c$V>pUn1&aaNslQlr~5A{W!K_i*ZP{zl3a_ zZ0j1y9WvKDM`{<1`sW@uVm1~DX^2-vEfFclV7`N1D;x>s;G?Dl0e92e zPfCBq06630X{(P1j~f&h(X!mR{X?SzoLAA?$&U1B5<{0{wy-X(OUD?>5vvHp3a)Fo ztdroD)~K)3do$5$Gx$WNC#l4(8RARC_Y#i~JF~rHB{g#5w#n%`XNdvE6?}wUS~u)q z&dZvS_0t$tNO756YxG*!b;-Nh0}jv0x$ zdn*K8;Y=F}e1-MhEuoJgMrIhxn4E-94OfuG??G<>16lm~BJ%HnF0RFmvYeVC##zXW zGV6uOq*8*u?W9sf8G}*4mhTCeQo1fKwa61&+HwaqIUtzEBnt@%kuQ>P5i{Ac{q4v6 z0RLR~j#*5br1}&#>(5F7YnDYz35m*aGoqL7%6{$UHf#PCe0j|+WA;BQD<|yp1FK;w zR4;CwLgnh1p^HpEiYSL?h5cdv4Ll(0@x(+V3yLfd!ovbGl|c`sS{`ekPyOumw9O+}p# zCqP)j2Yl|hVl{)|#9q(EGQVhM(>Gh`Y`K2*0I;mmuH8%$|I!znNHyb1zvA5~pXMT? z8Ji9Xrfp4M zp5#)!x5qCic;)nKnAXx-w!-RkwuK+xf!d)09W4A|0;7JXo$8hpWuuO^n0NEaF-Ge=^EZdJkaZ>y;Z# zGN{|A+GD@!ktu66@LO37=$q*shS?uO+&d6n{kIbadNr!*=%u* zMVeR^k#F6cD5GpiN;cK2>%#WV|GE*sT4!Ig?h7mB%AKg-K29YWCm3Wy^92i{x}zZ( z=*a>2{^k4}MNEL?r$!P@?Z4++yaCr5IXfnfaT)F0Z{D$h*1Tb;1MGGb3cpx|JnkH7 z*)ZtISP2n9-6bQ!`Ef9JXJ9Eq(2QpYw6>kY(?A0Ein3_%?I0aJ7LMQ&+}<%gQ6Ifz zHGhKsftS3mb+r+$GFW}Tr`9>QBfb0@=fv z47L+eh<$Tn>mpC0#7yK_irn8{<%`c&ubvCMe6#;2L@*DcL~O@TM}tgmn#b zz>5JwAfhF2cqDu4q-C2?W+9q0AXwcc@%4t;zkp(5jXTCcZuQj(Uu$MZ`p;{i$`q(S zu=ND=U5zWK;QaBm5bmQyW@mQR2Z+1%CSC}7k-wjG%Aimo55@ZTl1rRLb*UbBPPjQJ!wT{2}B5sx-a#kxrv=f{$Ww)=p0cu>E;9OPMzJ zi5gaSfF$8QEwLH?A&z% z?xEls_#YDH5J>OS5A*d$CBOUDy-khW$HD;0UGFMR_x;xp^xj#L3mGVZmkE%Ab8R6v zTUe0CoVSEf5Q7;ylaQ*!@&u|#k)lqu@oT?PQ94JA&l`%*Y zcfa7d=~W;2Lz$u#rIu9qFl!o1PZ7{f$LorYlbiGNJ){z_p}5$j611a1OkDf~MI@O? z+dB-whXk22`u3t@t_4ZUP93ELSm~|IgPw9$Xh>tS^LT+M7qZSBZSmAWB%+Ne3B?GY z6n0erSp$3H>in3wCi3M`2IxwtT*+ z%se+e8M_%!MQ4HC*M=_DMjdz?(5D^fTKpZ+p9qacCUFGQNkY@Hy|?apNk~ z&gTDD;y#`H@9uI-*e`0@LMAy|M+yRFaBK=OHd0nd+`4|=X*CyNQ!#yKC1jpT;A^7% zLOo&H0jQ8tpP~jpdoToe{9HL9*2O>wCPONv&J{9Y#O6(qR4XS2M!r_(T~wC%!~+(g z6>jEGKY>BJbEBbkpbCh% z1-CSIfiVbkq&uK}D~M;8;ddY@DN+3+*t<)(pEA$aSpJD&2rD2I-Vd1EVfE0?F{&cf zCe}QA@)to7xyM2A!XV%F5{>mAcL^1fqo)gN#&H}eCx{jUC8hT1Afmw3vBDfZV zmT1$iS{2cCEiEHt&M1qOXzl0#Z=XeLdZrk@JkZ94ki0L=;sNqz0{ukU@u8 z-zUy$ia`ubM;Of-e7Mf^1CMi5%6)NxS%d;q6gJbZxuclyi)M3#MHl3~J-Ux&ikc2DbKhADYuh%7iJ8?v!|BWJ8Ho`RAcBd^dx zT(up2+?fk^so_6s`@KeB+7#8++c< zr`=D-mPAd9USJ16m9E9~=%A_FUzvWL)s`hh(C8qI^C`99aATdgO={7YM9XOfjD?7* zIYd}fC}Si%ri01-p+KKdlh7t0TD9T+OdHcC8nQ$b#k9wlWm5hO*Ejg1H<^ zbwYQ@$L);zpVq=fl&k(UMfzJ?cbL@fHusPIL^MnSBQf%5b6h`NAA zU}4L z5?9_&fM9EoGO9oQi(?NIQHQ$t`l)){`vy2cSFsII1I}}|t z!mJlHlV1-Uurj`Gqs^UE?E7LopnKBjZq%ZvGyWkWL}2qZTSoy{_~T3b)wUERd9hvA zL2zR_hEy(xF!oQcv``0)?lMV@pZlZ#`RX$-^s7!rU84Hp255lI>MHmDIO#m(dr^G> zf3bMOi~IUdYNTrnOOYK1?BL8dB&cK@H48 zjGJ(^i{NOiUXY*wAD`|txR9s|4D`4)(FzW%Vk5W8{GCZa*G%Tw-}SP9VU*)_e(}7c z*49RTnZmV}qD?@)oHDr=4(vHwRf$g`n6ORlm{vI(rMNiDJjsB1EZ^AsGe%f2haUf|Gi6 z@nO`!_Po0IAQ_#TB-5P51~`xZB}XarAD7S1UcUq%&UY{f{zG5lxe+!KHWS2(%Z_kbYcX)8RzW-TC*#MXA<3G)2?AMCn z>lXXFgJoYk#!k}LrT{ga&G@_uT-A+h!k0rZ_-Msr`P2YGgVC4kZLd1_`rB7Qun?=k z8u$4e@0AeDWg^(cMz9isx$FVE7z9>AVC&=?qFj|+phoW!_)8}4vz}*^k*V&@r|7SQ zKv?#*Ux|(*p>HpU7R&LWersZUMAddSf%1H7unNp8)v1s~rC~3Rw^Zj{Ayq~a+p>9n zbUseM8$J!5HjFDti{X}<_{}hULgxq~9Or%)41Hm$lQsAEHA|8I6K+4d%8l>*VnM86 zlmEx@z8nAP`0(Ih&Ht^UYydOca~S+M^y4c92UWe#Y~nKux4A6K9z}%3hU8ROI^-3? z?wnt=oQ?JYG0k6!NlFw6|9tR?R^4y~X)O zn`K*R;Ne<#GzE|Tp}L1k_dE%3!*3N)(;NN&7epNp>A!I(bXjdj!LWvoK5%rHGb8F`Qov!T#yN zVE<%rus1k3JZ$@Yk&F$2MaJy+*ml(C$E$MqG3zUTyT3O$*yAwl4Gxb~WPrk%N8%^q2x1lD38S1F&_py3prcaNCyFxeeQ z)H$q(%rO&IYi)QoF*cOm)8&x@r;D7%^qF z2rF9_e-*6NAgm_7i2AmpfpfWxjA5G>XWm0!#vd^sZX1cWTNsj3Up2am3PIUM#7v2^ z3aF?*n-n7M^FT+HP^m0i%Pw^*r^%hQ#mZ?z{iK_w7q~*^U?O}=BOKq_D`^{CKj=W2 zQbm+ec}rXVN`hld{vRRrE2$I9<5@a?RJc}ri2vaLB_xG2_AdExa&NZU) zd+|Ut1Yjzv-=UPL3`;@6Npy-pj8KTe+8gP{E0Ov6tESoX-X(g|S`LRmM2wK(+a zfOBIP^3JyboscXF`ObU#6y6aWqVVa{ZIHzxc)-)AXFp!Pd;Q_+CBYMxY4K5)Y49s&%o7$P$UjFIcxT{Cl^&= z6oIEt)mWZB9rT{rf-SGN4RAar=~TwC;|C^Em!8{zB2)^WFVZuTv029)6(5a=_i5Ai zcH^V|sAaxSo0cKu)^~a{=DGh-`M_3n|Fd^|xaY?IJ~};F$A4H!G50?}P5UFv{$wAo zk1Y?B|Bgdvq^!l<{28H~-s-O`%HRz?Qdn`P&{@PSg_$TMK5ubDPzPQ~gFk=jswzD^ zteCl4@HDxu2Csf{bMP(^^TPuvaC>PDo~zDZe2%Sp+%xTJYRh^Rp^s zi;?7W>A9T5)&!GP+SbxXB{*JO{M@>+ zcZ{N2_oUs ztBJ{C1fVZTgagc?2k||YO^7AQC51$&V!}-ws%{HhLn^dgYyw95>EL4_lpPm-!^;E( zgIbsyO)^z&VVMa#CUkyuA!JISjRmNA1ey8)Rz*K9*jVxhvNiK~ZL&CLvE@I#$QNw@ zSTFw_9`Em;y7J%gI{x2k%7%&3xqSb>*4BW!)LI3a-WFyYxLVi2>W7`mBJKSI229B0 zxlp+fn>|%(Zc6hOEbi5eU?v+r8wW1o@7B;lu8CD?g##&jo8ixHmRE;^W^=j%O!HgT z=~8ROVp^yY@H;Q-S{&5L;$@gtjRT`auy;ZikWEu{IB2vIEWoq~`!`iu?FGN8Vur)5 z76)BYrF~T#xcZQ8h^WOuqb*+nrjAL=>q?D{R^Ea|7xYa~VP|Z#+$2xqpipz5t8Ig~=nkdZ;9dL^#8H;kC(&!U z7le+z4w;KIOKZg+M;Y!*}GP>SFv^u>k735({Gg zU~enOK^xc>fdh`~vj{_46TqhPE!LdHUIzd+0N2n|M;r`rQU%kJO*BjWiA5yDgAq)4@>5{V0gqkM%fSXV)ov<;+}~R32bF`h z;QEUj2LbDDC|{x6V?1!s5BSN4Uf^vGj=-e?Z~PuUf>WEb!~Ps7pMjkXz&;-H<4eqgJr!|K_9WnAK50guamxn523B+}dbIc>HY+0KU5ru+vyH*}MICy(o_tjf(AD+*Zm&*>EgS)$;T*`TbG@^sphMo(YcsfZ z8fr8>)pJ%-%Uq#M86jY&?Zl1tDLehXJYo<6n$6LX{8QZRJ(m=M$?>sLjW|qEH|Gf8 zMfp%5|JV61YQf6${5$g}zPTBsSq#(0OUzQ81-K*yJ zP& z*OT*I{@1OPSJLOn*Zuq7wYPU~vR7GJKHa_!+@9XrMu+U~w63k$K8H^c#i&=5i7`@xdPRVl}~?bhuZBC;siF%NW9E*MB-Mu zS$nV*yFX|7Jx(Gszim^8%CEPY5O{CP>*m z_JQ0KtwHV<`!xwAoqO zGL~Taz=KP8K#nFS$DQ+Dk0>X|FfQ;48Gpn>cZ?oUZOB$>Wh;{>%PU)X!8a1iR&DQ3 zEjxh4izk+qI%s)CswaBHv2saL#~Kq#K|3hfC#f#TM_ZF|2-sxIZkngP5S(xzoij`b zL~dI1fL`0A)UhZ8X9AHrq=rBYqm6r1KCb-G|T#Ge!oBDRcOsM&PhPA(E9lXu$ z-PV@9-j{m-#J@ca6!_O~J4?d$igEp~8TL1qv1a{$`p5IL#`^#K_~c}_{@+G<1?n9g z{|IodMgX<+1$i4NxSMxiw@r-&9c8GPZR=JxIV{j@?ICezO(nWQagJbNjziU0@(2vA zusgDjLvWR)DJHYeiv$++5#ZjYWQUSWzeqN~%VLY?OCAp~-8;9pT+iBwwkE-GsW)%%rKRJC#-eYVj;vCCcx z0F6C$dF@*wp`lwF^}hl4etu`6|DCqu|Gqxn?f-10yaK*^KlVDGqT#tKbUwP9kJ{#; zllfU`?KLmWIO}ef^)kr1S+FWQth)u)%l7JNUvoFMdYM@rxto}{v$CstSybH=tjdt; zZbJ1ko(}P5t*oWrwVhO&(Y{B!A`2%slny3|*jWvCWmk4(S3JxA0{{U3{~sHlSO6FY E00&^hApigX literal 0 HcmV?d00001 diff --git a/library/ix-dev/community/clamav/ci/basic-values.yaml b/library/ix-dev/community/clamav/ci/basic-values.yaml new file mode 100644 index 00000000000..d43e4076036 --- /dev/null +++ b/library/ix-dev/community/clamav/ci/basic-values.yaml @@ -0,0 +1,7 @@ +clamavStorage: + sigdb: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/sig-db + scandir: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/scan-dir diff --git a/library/ix-dev/community/clamav/ci/milterd-values.yaml b/library/ix-dev/community/clamav/ci/milterd-values.yaml new file mode 100644 index 00000000000..82e77114cb2 --- /dev/null +++ b/library/ix-dev/community/clamav/ci/milterd-values.yaml @@ -0,0 +1,10 @@ +clamavStorage: + sigdb: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/sig-db + scandir: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/scan-dir + +clamavConfig: + disableMilterd: false diff --git a/library/ix-dev/community/clamav/ci/no-clamd-values.yaml b/library/ix-dev/community/clamav/ci/no-clamd-values.yaml new file mode 100644 index 00000000000..948c16d1f95 --- /dev/null +++ b/library/ix-dev/community/clamav/ci/no-clamd-values.yaml @@ -0,0 +1,10 @@ +clamavStorage: + sigdb: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/sig-db + scandir: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/scan-dir + +clamavConfig: + disableClamd: true diff --git a/library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml b/library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml new file mode 100644 index 00000000000..bf7a2dbb4b8 --- /dev/null +++ b/library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml @@ -0,0 +1,10 @@ +clamavStorage: + sigdb: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/sig-db + scandir: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/scan-dir + +clamavConfig: + disableFreshClamd: true diff --git a/library/ix-dev/community/clamav/item.yaml b/library/ix-dev/community/clamav/item.yaml new file mode 100644 index 00000000000..07ba36c343d --- /dev/null +++ b/library/ix-dev/community/clamav/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png +categories: + - anti-virus + - clamav diff --git a/library/ix-dev/community/clamav/metadata.yaml b/library/ix-dev/community/clamav/metadata.yaml new file mode 100644 index 00000000000..27f2cf9ca2e --- /dev/null +++ b/library/ix-dev/community/clamav/metadata.yaml @@ -0,0 +1,18 @@ +runAsContext: + - userName: root + groupName: root + gid: 0 + uid: 0 + description: ClamAV runs as root user. +capabilities: + - name: CHOWN + description: ClamAV is able to chown files. + - name: FOWNER + description: ClamAV is able bypass permission checks for it's sub-processes. + - name: DAC_OVERRIDE + description: ClamAV is able to bypass permission checks. + - name: SETGID + description: ClamAV is able to set group ID for it's sub-processes. + - name: SETUID + description: ClamAV is able to set user ID for it's sub-processes. +hostMounts: [] diff --git a/library/ix-dev/community/clamav/questions.yaml b/library/ix-dev/community/clamav/questions.yaml new file mode 100644 index 00000000000..f5a1a952cb7 --- /dev/null +++ b/library/ix-dev/community/clamav/questions.yaml @@ -0,0 +1,208 @@ +groups: + - name: ClamAV Configuration + description: Configure ClamAV + - name: Network Configuration + description: Configure Network for ClamAV + - name: Storage Configuration + description: Configure Storage for ClamAV + - name: Resources Configuration + description: Configure Resources for ClamAV + +questions: + + - variable: clamavConfig + label: "" + group: ClamAV Configuration + schema: + type: dict + attrs: + - variable: disableClamd + label: Disable ClamD + description: Do not start Clam daemon + schema: + type: boolean + default: false + - variable: disableFreshClamd + label: Disable FreshClamD + description: Do not start the FreshClam daemon + schema: + type: boolean + default: false + - variable: disableMilterd + label: Disable MilterD + description: Do not start the ClamAV-Milter daemon + schema: + type: boolean + default: true + - variable: clamdStartupTimeout + label: ClamD Startup Timeout + description: Seconds to wait for ClamD to start + schema: + type: int + default: 1800 + required: true + - variable: freshclamChecks + label: Fresh Clam Checks + description: Times to check per day for a new database. + schema: + type: int + default: 1 + min: 1 + max: 50 + required: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for ClamAV. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: clamavNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: clamdPort + label: ClamD Port + description: The port for the ClamAV ClamD + schema: + type: int + default: 30000 + min: 9000 + max: 65535 + required: true + - variable: milterdPort + label: MilterD Port + description: The port for the ClamAV MilterD + schema: + type: int + default: 30001 + min: 9000 + max: 65535 + required: true + + - variable: clamavStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: sigdb + label: ClamAV Signature Database Storage + description: The path to store ClamAV Signature Database. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: sig-db + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: scandir + label: ClamAV Scan Storage + description: The path to store ClamAV Scan storage. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: scan-dir + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + + - variable: resources + label: "" + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for ClamAV. + schema: + type: string + default: 4000m + required: true + - variable: memory + label: Memory + description: Memory limit for ClamAV. + schema: + type: string + default: 8Gi + required: true diff --git a/library/ix-dev/community/clamav/templates/NOTES.txt b/library/ix-dev/community/clamav/templates/NOTES.txt new file mode 100644 index 00000000000..ba4e01146c0 --- /dev/null +++ b/library/ix-dev/community/clamav/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/community/clamav/templates/_clamav.tpl b/library/ix-dev/community/clamav/templates/_clamav.tpl new file mode 100644 index 00000000000..3224c567ec1 --- /dev/null +++ b/library/ix-dev/community/clamav/templates/_clamav.tpl @@ -0,0 +1,99 @@ +{{- define "clamav.workload" -}} +workload: + clamav: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: false + containers: + clamav: + enabled: true + primary: true + tty: true + stdin: true + imageSelector: image + securityContext: + # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + capabilities: + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + env: + CLAMAV_NO_CLAMD: {{ .Values.clamavConfig.disableClamd | quote }} + CLAMAV_NO_FRESHCLAMD: {{ .Values.clamavConfig.disableFreshClamd | quote }} + CLAMAV_NO_MILTERD: {{ .Values.clamavConfig.disableMilterd | quote }} + CLAMD_STARTUP_TIMEOUT: {{ .Values.clamavConfig.clamdStartupTimeout | quote }} + FRESHCLAM_CHECKS: {{ .Values.clamavConfig.freshclamChecks | quote }} + {{ with .Values.clamavConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + readiness: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + startup: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + +{{/* Service */}} +service: + clamav: + enabled: {{ or (not .Values.clamavConfig.disableClamd) (not .Values.clamavConfig.disableMilterd) }} + primary: true + type: NodePort + targetSelector: clamav + ports: + clamd: + enabled: {{ not .Values.clamavConfig.disableClamd }} + primary: true + port: {{ .Values.clamavNetwork.clamdPort }} + nodePort: {{ .Values.clamavNetwork.clamdPort }} + targetPort: 3310 + targetSelector: clamav + milted: + enabled: {{ not .Values.clamavConfig.disableMilterd }} + primary: {{ .Values.clamavConfig.disableClamd }} + port: {{ .Values.clamavNetwork.milterdPort }} + nodePort: {{ .Values.clamavNetwork.milterdPort }} + targetPort: 7357 + targetSelector: clamav + +{{/* Persistence */}} +persistence: + data: + enabled: true + type: {{ .Values.clamavStorage.sigdb.type }} + datasetName: {{ .Values.clamavStorage.sigdb.datasetName | default "" }} + hostPath: {{ .Values.clamavStorage.sigdb.hostPath | default "" }} + targetSelector: + clamav: + clamav: + mountPath: /var/lib/clamav + scan-dir: + enabled: true + type: {{ .Values.clamavStorage.scandir.type }} + datasetName: {{ .Values.clamavStorage.scandir.datasetName | default "" }} + hostPath: {{ .Values.clamavStorage.scandir.hostPath | default "" }} + targetSelector: + clamav: + clamav: + mountPath: /scandir +{{- end -}} diff --git a/library/ix-dev/community/clamav/templates/common.yaml b/library/ix-dev/community/clamav/templates/common.yaml new file mode 100644 index 00000000000..cb90f891d93 --- /dev/null +++ b/library/ix-dev/community/clamav/templates/common.yaml @@ -0,0 +1,6 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "clamav.workload" $ | fromYaml) -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/community/clamav/upgrade_info.json b/library/ix-dev/community/clamav/upgrade_info.json new file mode 100644 index 00000000000..767388094ad --- /dev/null +++ b/library/ix-dev/community/clamav/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/library/ix-dev/community/clamav/upgrade_strategy b/library/ix-dev/community/clamav/upgrade_strategy new file mode 100755 index 00000000000..7e4b5ffae04 --- /dev/null +++ b/library/ix-dev/community/clamav/upgrade_strategy @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +RE_STABLE_VERSION = re.compile(r'^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/community/clamav/values.yaml b/library/ix-dev/community/clamav/values.yaml new file mode 100644 index 00000000000..5a9f740cef6 --- /dev/null +++ b/library/ix-dev/community/clamav/values.yaml @@ -0,0 +1,31 @@ +image: + repository: clamav/clamav + pullPolicy: IfNotPresent + tag: '1.0.1-2' + +resources: + limits: + cpu: 4000m + memory: 8Gi + +clamavConfig: + disableClamd: false + disableFreshClamd: false + disableMilterd: true + clamdStartupTimeout: 1800 + freshclamChecks: 1 + additionalEnvs: [] + +clamavNetwork: + clamdPort: 30000 + milterdPort: 30001 + +clamavStorage: + sigdb: + type: ixVolume + hostPath: '' + datasetName: sig-db + scandir: + type: ixVolume + hostPath: '' + datasetName: scan-dir