From 998b694aceb5b1df22a6fddbf9d0c9822bb05cb4 Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Mon, 20 Nov 2023 20:03:03 +0800 Subject: [PATCH 1/2] Security Release Process Signed-off-by: LiZhenCheng9527 --- .../images/vulnerability-handling-process.PNG | Bin 0 -> 39993 bytes .../images/vulnerability-process-timeline.PNG | Bin 0 -> 16990 bytes .../security/security-release-process.md | 130 ++++++++++++++++++ 3 files changed, 130 insertions(+) create mode 100644 community/security/images/vulnerability-handling-process.PNG create mode 100644 community/security/images/vulnerability-process-timeline.PNG create mode 100644 community/security/security-release-process.md diff --git a/community/security/images/vulnerability-handling-process.PNG b/community/security/images/vulnerability-handling-process.PNG new file mode 100644 index 0000000000000000000000000000000000000000..6ababfe697534d80be656979a54c123f8c5068ce GIT binary patch literal 39993 zcmeFZcTiK`*EbqOMZby&s0c`rs?r3dLqMfU6X{)=AP^A{LPp2=-{<)~@4WBa`{$iIH#3gs9M9Q%?bY^LpS8A#JBHfK|8V^S z0)d!ybu{jRKu4TFAcomvM}a35UgoO6UkrYCwQqt-doC;iH;3JB7~BAX(8v?}jz@s| zJndF8OS0!{R~M0dr`b+EnG5HMyEQ&fO_n zdrm}AaUsyCXRBr*E$dRxz3ca{)^NSLq^lprjtD+;$A#_eS|+Sv`+g%C5yo9JQBFLh9;KXkQlZ5g*VNjVS&==uHoD8PE+@1?Nd|J^0w zkw8FAlAPnSq^pkBznaR-Y9#-D3mN#K;q`9fF$Tlwl#?;wF>_MdxL3JkYvmHc^6x7T zR}C;)KlQ))YK#AQ^5nkz4T0f|30ts%s1tV#Nci9Bn@cJYBYj%Z&e?`-^Qwherb12( ze?IwKslqCzxoNg8Zpp!h{yXr5(%XpmrcPO7VJA@`8MIX=cJ0F(ftlzr`(3n-2z;}u zGE+Ptku|Xi-Y;j6<~Y9WzKal8_uXQ=UszmRhmaUoew0wRs1$wjPGV=?3zW8$R+x4S zTD5iX@1&=fH3X^>@97B*U+C0s*U|eBm$LoA;rzN#UWg6kc$-F2yK3($w=Ao&AT4S# zupzmhL=Qhd~J7FRBQhNVbL zWbo^If8BV%ix{!I`Ms*~QVmBh-`+#KJ7NU!r70o!4a8e1kJFG`BUbTFi8os^WMGJ< zwA><&%2N6}>~xzPYign%Ve&@uE{UYGUAxl$U0up}!~vT%?k1%y%1XGT7BWdAYIFLl z=-X}QCX-Hcex@V{0uQ|!$T4gq6bvbatI&n&+podJPf%Z4IF7KImD9tm&5 z;t&_dYcI6-9q#na7?-ye7&g!AmkElgRI~o+ui|8<#NIG3b7c4i!z}-=FzQYKNeUS3 ziLW%RO=0>df0lK+4o2&E!>mPHc|x_&1Y5gOCdMHRVh0{4rigk|o+)YtUwG8}7nRO4GXjjIC3;a4%`i$=Ahb*kBQ-8 zMw zDU*4Lnz=!cIUTPGc^Q%_u6#Y12N)Ct>Vv^R45md5h>;1eBr!z~G5K`$)pF5uaYay3 zr(5C0exFva#l3Wtkr|u+!j8VZZ#ZP{G89t~MK_ZGDONED1C(I-@i(?izefY9JA|{N zn|o{3=Lf8r4n zp$UzNpnJ?8h;{ik)>Yp8a|p|<_X-#3>N(`N|Hen7j;T;n;GFvj|%TD=nBD;wSdr zafNmId``>jS#<`_7kM<+bmH$oXz~Xn(|MRC@NJS2SM}}(b5WB~(Ox7WcZKGi!3f}0r^fYEVgkj!AGNJ1e-o3lNRr{(l!buDRDnq?x?yZk zOxsm}0E1+tveT{ql`1Uk`=w1EZShTMhlqe)fMT<2nV4%%PhZCJ$P-KeLkEFc|C6uz zi|l7{d6($VU;mbihWH(ce;uy#Un$Wg1pJ=F{t?#y=JG#e!3?^@O&8)0={E4& z9r`2L^T+<5NtRsz`1TG@8~(g@MM##l5U_x0EBe0sM*{#l=vo2XgFyFAt}`6|Z<;}O zWd0@pf4x+{wf;Y~^2GHsP4>ruF-%|4)sIgdG$g?4iH40GmUe8pjL%$sSJ4 zR1nNd_zC88Ti$gqi3OcU&!ppCO=fu?n1|`p=^=dKJBGZgPG4%zc z&t9~Jc1zKo%X!2|n@^Od3?=v|Ud{|Ye#=e=bKm~$a`@vjRmnM#QN=-bW9M=WeeGSB z83V2xp}y9hnhg#vF1FXk`LjyK*@BBBUB0cZ;*9SOfB9-=j>LxMtrbeoFF_KG%@tCO z-G+mYJc-^=BHp;XAyDzH?8-vWLLTXvCept)uoOZH`6tVLw4D=Ine3C!sj>g)fvOZ? zGjL-huD*>Rl?dhWY~t;%wKqY1Eaj;jL(QyEW~O1iwpel+brVHaHw{zDmEbFVqq9bK z`Ly@rD1W%WExV3Bw86U_e3>*Qni()CCY86JA2mpDXJkVUJ39}4au!un4V&gqP`X24 z%qZ#0*izwk>smx%^SbgGxd-m&t1+qa>z`p~-?UCJf|xX0hyAR&&$|e5)df>{im##5 zJ{C`f;KpgQPYW&5Je5INMZUcu862ngc9Ip1ZkO5O6#47)am{{xoAy^TOCuj8&u&nq z)zxOVw+WXDEOKeeJ->N`qcD7!v-QeZz83Ulx)60Es@8kdKk=bF6%s%WuP0YT`ESow zaF`{CEB7}tyz5RL9Jq@jfKwFsk_N=FLsRR*{p7FC+Sd!hqF(canGp2&#>-LKw|+{u z)d!sXFkhXf{0yS=&do~Odpu-L6uH?jtumZA!pDsTTjTYRq}`#AW*LbF{L>o=1`VRO z2AN__?eZv(N5I)+1-K#0(o)dst?Hsd*nJ8z(c4PP@WiINJ3AXXL5n-!O!-VQ&zJu7 z3+YwbP~P!iYRBWQftg@CBO{*E8{603D(&k0WB|i`zl}iKtrL1f$3G;Nuf>I;*qOv} zN(@;=Tj)OcR9uW7LyXc(8_BA>zLLja9fO-m13RF*#5mj1YHD!UYz2RCYfY7)NmKD` zD7Wb(rniBYH0}5S-dR$&MFGRq`mWfy)i#Wb%Recb6L$Iv=4mKJGA4w31gbL zZu`)w4?BR3q~RSo=c~?RdEqKPyf_}L0;)_90k87mVR_@awSLvgfpHBP52=Ia9f_iD z7I9Od9=AyAD$quERYfBC4(aJ(8_EzwnvlkOyD4mY`y#&3CCq#?d9`_0ek@9(cn;*s z`$GT`{Zrw_9N*5?)8V^~4#`0r^5MLvyH-Dm6GuvCpWZxJomzieB95ZUX_DMWkNRa^ zm`fUG0i`E|Ol{Ubxr$7!`r=_bkDkcW$Ev87;z(N~uc_PD?x{*y^)v-hB&|9(M!i$F ze23xRiT)dDD}{L~+nbPQHIvE2nkFZ5cN(@_QetxyZ<3ll{9yEGdpZ&->uMADe^3jOn0V`3$&o2x}xGALm25PMTh3#33;5dEu3G3%Tox5InQ8g6jOLTb=tSNoI}(?Hk0RG z5sNDAvix;0*3pLH7jy=AuAj82QAM~8Fol&DUouS&=7sL&@SYa$tTQ}{VAKx0_ie(v z-5k&jJp`lE4lRjt4^F(`e;I_1%Iyd(+>Kwu;^cb zUS4%GNpV+h-F_DrJrybveeiQTdCsbO(%6A<6&Z=nMC?Teu4VdMcdp4|&)r^##hi-Oy8gl6^`-P7=&P6^u)uU?!c(b~vE) zACAtb{$`9aj<0^i}Gb735@oR z!b{2G5B^w?oF$zv>7!s5PO9%eR(WnAx)9MPPnoaLdJHjK3j($iK+t4}cjN}V!2 z%)#JHx#{9p5pM8DjBhW>mZEht2W~A@&B8Ke@VyLUN334~=99JT&;LeAYsy&BDErp# zyQSq{@ZnYDsg@e1!+N`%>0qv7U2k1?2VYc*BdNok!fwZnme(QOW6<(I3Qe8~h$>%j zk?I!|5>9C(_H#epdsndF!=hrh(7ILQy0vM);&gY&t+wZ`m+S5d6lN#=hbz0=R6g4) zOK)rM`80^e)Z=b_C8iopeysjd+o)bRRlJ&m@ei)#=nOb?-m)JtvgNs_aBrz^Y37Ck z5yROT9_H+t?|k!Wrph)Ke2S3dB!he~?3`9~l1$sOL^=xFV->6LSCqoKAH9iD*_QfY zK@869F5BAPUfA>&1k%0re3nvW<^rEL=_ELEs&|CK(UU0I3pc-0c38gMigt4n_IMSV+J zQDutqE?MnYm(q4#4|jpD_?&2!G=hbnu}~t}nPcYA*8qEBdzjJ3_vG%PweREi>>T*b zysO9+gZ{x4iRvE83@5#SfI^kEhyw8lZVrGwPRse~XZWZjUcvA=_8jS}UE3jh?7JU< z@j9vVrQptfgMcaJ1IpP>4Ag)|qJe=5O{ zMLk5@_8^48foXro1k_1mK3gakZ2ZnL{B=X7;;O3kFf}w6d$L~!(a2ekZ%{dH9S(#; z{d>GR@%h&@92+0@6C$omh%R)=kaXK+jUK;6I*n~?@lVyNeQ_u_CDmGW+2>}&eDz>r zTv2g7Rc_l#(sM1G)G*MQOsu3^+;5IKujnkO+G$OXNFdQx*zZ65!A~mQ#n<759X@M? zxvf2)I9hIJx!eges+_VEsyv0Y{Cai2ad*%zn7f#8LZ~yri};|Ou(c?Mj|dub#;mV$8Y|{LAgs-iJrcYfuK(_-o%lSIN(s^SaWW zit?$q1=@XniMVAGqVxTDo8^a|T@N)|4)LWqvkz0RDt?kB-r7Ky$dhz4@oL}BF#l|L zwv90C3Of0m9-{-91&|F$bNToGBtKvUfmS(02JW_htNOXm3<4dZXS$IZ;#%2jjo+Hm zkAj{&T)chAWXi66G7gB`)j#TBoGvw>p7^pdfzAuUK=jc6p5^b{)%O>J5ODXz_MkZc<@GHtp$5LoBiT=xfiYs-WdQkT*P56N%z2+KpkboW=EgSTd5c;T*LM6 zHM>bfxQTw!)h`j=uMdK1;k5ZyyXi0*@?Poz_Q>>k0>07b%?|NP<3TlX@@%S{m(`r6 zNpHdLX}^3d$DeL;*hxsL_Kmb`a7-MjqFlZ4_=-zi!m3S`-{=&Uftqqjpbbp~savf% zRBFNwrsJo3M5j2!aPa%8YkO_Woel-RpjT~ ztsVqI#`@Ts>7C>3n04I4Pfb%q+_4T;~YaN7qSNfx{Zo7{@rY-04f+-y`Fx3fV(<^&<9{YB+ zu?R};MgqRag)I82WiAlVGOFi1@T{-BV@mL36z;3?gYdGb-CXem z6ybS+v(;I}xgtxI%7ft3Cg)NSmLX1Z6TLLw^|G(4hFVE){e^@4sThF?Z0OcZfN;mrPrR=EE29Y5 zoqCv73`G6U6rG`c!v8(R#9p7sdZKV@F?PUMAU&dT^2qY%Yo@~ID7~@FamcoESN{#^ zAkloQ45QuPj6t4{N{*=(<^tlIfx=F9ic3dpAHgi36TIKeO}ykU)_ss8nZ48l;RgTrL_dF3eF5EwGI_lE z>eV7n!|V$(fZ<7ISx@&o4|-Tx(f`nQ{Shr=Qy{IViV74M7RQRQa!-z8w}c0T*_1N=Hu#`pL*H6{N_?JyLSCGMJ@+Q4h@ zHvUOeYd&J6Ya@Mg7Dy14?{(K%YU^U;)}t*s{WDB-0Sxj^%)0)_Ec1>QLZGuy?lq5P zRS|D(g8s5~ljLT$+q+-mrH>tSBym&DFQZCHJfKT@RtxtDNdKieWy*1Fcqv+iTb6fu z|GK`wa1pE%32pD2Q|^r%CZ+bqul6P;M|6)E`r%9bSq+e=>gN2-wA%nK_T=@+YnLii zBd<`eQbb-k-;w*3)vO?<B2l#k=l1 z{9;X732J1|^jeN5UH9(}*Nmn_Fbnt_8Vb9Gzirps+;>Tsi;rM#$=P4z%63QqGaVh6 z07BuBixWLND%-oo3zp*n%MaG!6~mg>Rnb$^**$(&=)mk1nXarpxgRH(#2~tDV{Cl4 zo|EFp+iiV}ou>wG;bL`N?N;Vq&fUD9h2t@v*X+F{y%I1diOU8LRniUkGGSunHb!e9 z7PG6B`6|RQEwW{O|1H9jQ*o|SXR7Zail@t`#x;$1HS$zYXqQb`;3@y8-8UOvxU0jp z5xF+oMG^mlH7q-0eoP#Ib)HoHw4$#1SR&bUxYa&%vCjCys{4qXIh_FGFLjpEH3BjfX^qUX=WJCmgL2kk`lc{&TfU3Pe}zO?_Yl{d4V zDP|u7j<6j486YaS8Ar|!b#iPdS05^pMnN*~#@LFaH?P}<8K!UL5+H@uyc^r2YJgr8 zZaPV=$S2gzn6zs)$%zP#$}z2ofwBBn0guxnN<<0g-&)G~@hnmG*NiqukMOY<3B^sl z#x+%Cg~&hZlfH02o5y(JuUq82f5+VblN&2u^+4%?lZfT)^=p?e<{jzR`_60?`tJD~ zsRdg%m1I`�E+1b#1G8IhThP^$#JPxdILNB25~ z2FS{Im+>tx!O{(Q^o?Pi#06`)ps2^mU9;n0x|W!F5_j9-YvNtNWiNT+{K3e_T@>E5spq^eHaW zMl^UY3o+6{xageuDxy?4Zn<$pZ<1PwKXA$1_IAF{_sc`DRL;#SvZ&Z)1j#TTKoaQB z9iSxJ_S|KOhREacXjQP!#;$+K1Ix2_BmaZEo14)i08M(e-}(^G1Iy%iHHDoZuALF0 zPTjuW5iEKF8p3z8fh6c!9RIcp!Z^W?`&l31TXCd&Fsz|UXHeVzkp3$O)ykhO6YL^T z)ffC|b@Oz8rOVw_ju5R>9lWO0*QPhg#0Cp)-3sL6k#V@VN;E@I=SzYP(al#;Pt}rQ zdb)5TzvNZBqi1H})jy80GBXv?rk(zGPjyMU;iyzFZ74J=eBAVAi+;XBf`O0}tOMHP z{1CMZP5SYzj=MWUT)LyICr2>G)MpTI8jVxMeFQ?h^5R~)Kii88dkPO4eU&^4n-m1h z!=t6u{(xFm!FiSj>4Fg(#v&ea*kiK><#u=&S2~ZzxDNoPA?a4Y6c8s$0v>5YP+ski^Zurrm;>d64aiFd}RqeY}-I&lu7atjDHXsJeoKee`a!Ud6R z>f@bPL!|o>EH0G;vC8#`iY8fBix$=e1{vft5#)BX0U!3}^GIZD4DKcNsLjp6YC7v2 zxP7W?0xiemr(V`OtAFNMVgVJ8J4z<52b+hOWAXQ-?^ZyqBWP8f*CD40e1Ck) zLr}&G(i3pt zir6Yqt&&%J|HIJ(I|TdTwq|Wn;b6y;uUj-;8Yf6%^<^yCMF58#5sP;G=8~?cUVd^U z8{U7BT``Ej5~mvdCDS-#Q&K5&HdeUBb<#Big|{>+Tbm8ZCim)}9=gL)Ls3z$5KgX` z*`!Vz`DG4-)x?LP7dZMu-swE&`Z>_HLTqqzSXVrn-1+U7!qF|7+;EIaz(>l>vJ2V{ zx}<_dS=FZ1^R~AtJ_0U%5?Fz9k7&mG9s_2@>K*N!FCR%NiY}^y|8Cn?v$;7MFVU_a zD6aSCg^ppitz*a{RIO_BBa{Ezr7k(bOZ|+;y;jZ^P zV57PqX%1EQGgJLHzHb{uiM*oqRa{=c82_t*T3g;t*5Zw!%lhl9m!T1S2lEVQFVcPL zZMNgw&)h8pw$Gk39}3`$5wq*VfJ?PL$nMA-A1V zl`R=vxX*?*_}6!x@2^mkw9rkt)aW;#KAjrp7Fl$^l#N?$U%ywg3CDlj>R!> zP1_zGfBtVwbTzxkt>m_lXSTxfyW}gEDLD=kf@>ku5^QpZSuxdlVDX2I_qRJ3Y?_NE9nhIWYi&??0+&Qgsw&I0CIE2AhSD-U>SVe+GjZqMX%B2IHGx+1;C z4J2}|XdJ3RBY(AL_?{}F39@NPjHncHVj4x>vkryFv(xh&_hcy+9#-#0NmW71N=^(uO`=R%C064*S>mh&R(o?d7ewC7gz4%n-EEXIWg@ zXIW*vmjf?m*tC4nr=NsGhL)iW+oO&u+4$r zv|q%l%?AiObz?^@+2V&aiXqnL9c!pAAK|LeOG@Ymc8M|H3|_kOqBK_WDL>00t%vDR z7uQ2_W4Kf6W@;IoBZHNz%y)A#m zW<&zH2Zt40J5`MAQOEo_FQyYPHf*z~0j+_NSM|Cj4L^_lVdNljZVtUC!?KH=J&n8yD@6PaAwJ_@ljX5cA-HD;&vb5GT+=5*z;efuBg~GE@b#XN zms}COCkSM3g_p94D{7B)>NkHHk}T8Jy5aU|+vBeWae*@nQk)0m*w!luv0iVLZjk!W zEYt0c(u2h$A*4xD{nGLEW)ttc#uDGIC1^xb!=tA=fo=!4K5X=M&j~p-5QQp*u9OhS zw=plF%_#)K61OKB;!wfUJEEDHqH$O2wt4&fT;p87 zG33;H2DD!zE*3nP)EP;N;f*jqYsNgd%tA^32l7UVsWE({hH%1X^4S8(;o;;WF8V~l zQ%Yh<$uKnPlIZeyX5n5mtn15ir443lwD&bJU9AcF@Ex8l200zHy1E){2)fj>5OOL) zH&Hb|T7Khxgfd^K-329>M$;JCsHxuKf`5lT>DVU=IaqO?$bT&AnpHtlZKlF2E{BE0 zpIisl^rgLtEk&;$@07vCW%LFcUT{&P_rF}Vp9LU&-__Ssn)B@(5^S9re0HH-x{XMy(~qiR`i@;b~mZAiis74`6^^Xzut(mG4`{rrvtncAL8 zVQkiwJ%>4Di!80O6fed)o+)LGQbF3_a@Y&|ReILLiJ@-++~6MU+lg;8y^VUzJGA+< zI?N=pq&jrj{=-8duP%O8o8ZUdHD(LV)h7Wa3ptIS_9ye~7R_BdS7N--b?G9-yUAYM z9zGtb%>~+d+f;X2*wLtF`pbm(hgLq5AK$yB<&9kigAC~{i08#NMol()G8P3k_SH)6 zK-g zUlRChH%=h|u-0wy1)TY+YY=%T4LtqY z5g$%dqPPl^zo6B^6AG%uMl=0Kqp6;^@iDq@DH$-meX0?q*R*M6IIp#5(qT~%)Qp5_ zkp|TyO|Yy%c~lN2mL&_V0R*rVkAIiKow>SuGcCB4O?E^%pd)?xmF~;Hf4=ltt6i!P zIu+c`p%wS#RNoF`1nQQk?qC`EgRzGV zWZ=R$s^c}}6@<@gu38}_R{zTD5{FliO(CCpL92x!$=e>#Q0hpm*UA5eo9Zcr5G%ct zRNnlJ@@S(3Dra_={at0+)Z$#%^T%fl2+AAb-KoS7E7eZp3=5=kNVMhFNa_{zArSas z$PY9B{T=+kd_mn>;y5aLQj>^{M2@6;Ln@r2c2$v@yitz4_K$BmLIN$WY=|?Y;CEi@mj!QEoF^DS9Nu*;iTbuQz0uG+?dT-r2CihD5AIs! zxkoV>ceEN#negzwE|GlwicQmYsJH7*MP$oZdWPFbXxgz(6?=pwPELc8fwO>DLEe$? z_00@ib$!`+A?)TxQk<=kQpy-~c9%4v_8eN#zO(Mi5>cYOy=cMEy!LgquC+h!1>bD_ z{;+nihxC~0yh!1{VOe_hPpVN!Z+JXMMCMxIyz${&bC!S7+tme+|4cD5LauGy)s3~B zzDeZ~zW?&_*BbZ@AvS>}f43et5zQz_M2n}5*SNQC?T0EUPrUVc0|OD}&S6yfSkIl+ zmL$>FPsh_edGWJOQje$2wI14#RJ6YRS_dig!u^@K$U?;4w8a*7)# z!Uf?+d3J~3E1oEiKXx3wBZn0%-v`oA%HyD6jM<5t_Vy2sBYTyVZ{B>DeC+{^2GUoH zO(Or}gJXgd;HD}MHLVZT7msCv&jT58C3R(^fAfj=LH-3B_LF z)V(kc6BNSKSK&q5-&J}`M9B%o9d#t&hUMgL*Ig={R9ukW^I0Z-YD$6hp-RS(tW)rz zJfvld64HpL;F|)NIi$;E^94nuT4L;gX7|ZAoeHnkwAt(VDX5LfTxiJZX^<)XyvphG z>kbW-#(18O9x*6^Cw%c@!MD->Qx+9|IF9LqeHEC<%7Z3&{;;y6;41H#mk7k5ACEs< zcIK}>-G4ea`MU2QV(&FB;%T0tu0re*Yp#PZw8rfnsM60EajAy1f3&~1LT#oUCDc-Q z$D`fTg`85`hfyZP_pe#UG#ytTHiurILhPC(#i~oVTwT5XD4)zwnKuj3?{X>WMKOw*50F0nT%QU*MJC*7<9BQfA@x2O;fFXt#qK)Y}bX;7d`Vb9I?f{l|}8 zLSm^*EXzR*e^HpVi5z zygrto-{DNaEs^hFKdojr2Q1)_-7e0x%zu(-huUI(ukodErko`NDfg=)Qk#dgP|lO7 zLdM>`A4vARbKfbmMae{MB7OinJ_4N@+0rG}pbxe>Lt3MIb=wZjtQkR7QPIaOrf5+a zck8Q=HSn(sFrAUViJ$ty1PtHl@dWxkXcH)7;$GZve1|!HYih_<_cj3IAnYxf5K0f6 zbu03}UH+=HGkCm+=F16f zPMWV*>Q)!MJ@Ah8;XEU!dcIT(Lr21g_ip}2U1CYOj?8=JU^kU%u*N!6br*2tbef;S z%qvz7dP}KyfRStDi&>588wY|_Al6%LANyxKr=3kVrNLF&<4MkAX|66n)b5fh8mwY; zz5weKRGiapO#Y3-X0hJ~@1$^z$gb9W^0DZ(k(w`=aN;=)P=OfvA5<(WZ!ldKwWHmW z;-oA|hBlu#&qNHX*CSDg8H(Dlpv8y`>u4LkF(F!+OB^Y1tl}8<;|BKP>hYmaw(HdJ zqyp&@tjtEx90F5_l>y*e^g;dOO#kaDe+wlQQ%rosbK045Hq2}0sLAX+xn6p)5HAJm zRO084@HsY0b5&bp+mkic1Yn+($%BtckFAoT;&n$EnOF!GpvObgqVoCRgK}=(0h5mM z2LyYdsD`sf<{6xb*EgWva~)>6wY^{<;zUi*eT7altQZSZ_Z{)SF81&IDX^Xc#ilR~ z<`u~r*N+)vwuwEVwYK2I(crl6wB?UZ)2id=QjcZU~PyVm0d zB0Zb(S>c2hZtge`SGT1PorfMg>Ypq`p~m+S8Fw3ndm-#ipG!ueZMnQs{I^8qLVEAX z3W%|KraEXz>2j$?nrkL`89;7j7muWuHWJ+3uh0Fi%=B4ra3mS2c$abwP96*%RjuTi z6-94&N^fv#?)S0ux4vDquJRu3sS6e@MuZxiVVxOrCZDVdk6L$%;#;MT{G7p@WK47)pR^FAE5wLOGg;Y_|yncJ<>amRpm#P z6M%jy5NZ>-pbu#d_%wczedGy@G-3&gIM`KtwuG-2k(1zQcU4VLq#jzwi|C&|pgK$s zpjZ#=L~KmPvu;Uk;v1nBzpC*8vcf6Be@Ojkfu~tAFVZ0tbP!=7_zDQ*&b{lnY*ubw zu(@}9q3i58bPe!ei_g@$tV;IC-Q>pNJpQuZ?cCERWA?z!8xNKVG^Ixri4u% zyw3P1t9zFD3|{ftzA<>W*z(>4y$8SIb-nZaY~;CuFB92V{GbT~NS&iNc=eWlbfVf1 z(#A{VmMI8Q=}O@p$}>`dJ`@WZV7SBufDh_L;+AN8=6M?6?oDY$ML>T(4A&E4pH2w- z6?eo5H^m63mt64lN3v-cm;yyEUTzMg=lkw&;0~|?ut8$DqGCQH2sF7l_g-)sFV*0X zP7DjC=1gcZRg83#8;bYJ_MaR9(PxU>pUaT-;D;`s)%$#j5y0f84gwPu0&efvw%765 zpz;pUMfZ9ItCta^ZN$(992o$qi+y`V2_tMN52~*XRjUotmt~<^vCQK?r53#5wZ2VJ z2KWQnpgVq&^WN3d^b>9FFYrAuE#~Rjyk(%7N5$56^R_?jpkIo}N@2P1-Grgy%M{h2 zkVbi9;#Qy?4WcLd?oYdIz!pszu))jMTIPVRV`=dS<-PRxTfL=OC&WV@#sQLAItQ+`Cynbp zv?|E^GgCz(eou$_N2BW8DKvmu(^dAos9!>3X&WP6anleDh)DIUdYmTmTpX1{J%X+g zXaL0gjRG8f6xINJlkpD-)Ycty@6Mws+0MZv^=Rf(Jo7I0fHI{;Wz_;;e>vr=B> z;nnQDsYMw;cN3@$mshtP8P}7V*LD;q6=-a9q)%hxYn*p_=&NNEJy$e3q7D>_`*b!8 z6XU|p(G*_68iCUx&C9szeDu?kyJ4X2Eg-xv%nSwaVAUf}G=9H)!u&Z4IkDZcG4vP+ zB!H6$yzz!r#4uenU~Sq^ISY|cI+ee-v>RsqJ`ePkjyZ5?gJ1r@_$?HE8PAcbFUkWB ze>}&hATm@hXL5@*9b(S1qNzyjH_y(8H~>7>q2sG>HWNdJ^Pi4?=;Sk18v#z9oUR6# zw4Q#AXgc#k5&0`}MSUPm5niyIDdrIBV8p;rw}SB2fqf;RmS9H_3-JH+}8 zw_&4uOmGG3lRfxnc=d9kXu3SoyPDxB&?NGtZKR&$=L0B?*|!705L`yXe!Si3ms&H{ z&HOF)L-_-*7vzh;imS*@U`W>A-+ca6t38xuFm)Cl${rO}cN)V*)RvxzND`PBxy_z8& zeo`Q_bZ(si`P3jr@`fLB&;uY5hs|e6!2?`A6EBeL8Z$Sm3`VtFZQ>yTX+W!s1-%!= zXN}o&F~|ALMneLz21az{b}!dNHWVE76g}{Yx!nQiQq=TtD=HuTVn4S#uP$&+<&N+! zqg~m-a?@u>iN^^@1+h7C`ordY!Iv?hg7901PZGbypfH>kYQ=3FZq$dD`L+(7P1(b` z77|tW4mpQ3w8W_=SK(BHOUiWEwKw#OT+!V@)E(i%!9Km{_7_%1HFFlR+Y&GZl)bR zZNQc%-2=M9uePNCpgo27bwDENvaDi65uxLH6{;@WYs=|qGHNV)?ODYt`RaSNDE8df zy9u}!%PYD1$L1A73g%>?Q4Ruf#d$NR$*hA?IhWM8kQ@m)?_FEi%%GJ=*7ou^eP;)b ziv_xV#R4UyujsaVSHjld+RXa18P1J{Qi>0JgR{G=iMq%^Uc3y_FVHAn`Lt0qSrrL; z=5F(?YNFDuZ4C$o=zU(pR34>sMrVQUE}$#Q#(pzsl6BP(lPd_V!96^K#U(|=UmSnw zC1?PhEka>{1XhQ6FjRSyQ}rycLs_z*#`4>^H<;=(f+{I$Q>`;cu*%D!whmjc5&A}- z2fF%^4ZShIKI#KWPvIXsS0>RZHz`~#J}R^pxDO}LPVv!?AjP69Fs=sua~dn@M)gt; zgWTgDN_1BS&K;H2iBro)hY)Z4o-Ht}MpXY4Pe@z(bUF)kxnT0^%n?N3;QHrAIx@RA zHh_X<{hiS~0IVoj%l2nFH#>5yWzE_(0xg=Y2&Jm4pY$j;iI%c%eWhkGSgtUGHw5-H z`Lk(Qkv9J##`{c_Ht!;-c77?oggE>LB|5=@biIa?9?3c00@r(4TuuXP&y96lk#re< z3;ECa1MP(xN{1~m>s6Jo^yrl|9bYqL;Sm}iv8P9n(;`&cqREs z?WQd_Sf9o(1*$U@Fb{QdA~YZFAI{%1X)cQ&*5-lw<+4}gh&Z`o*y5C8QY^haY`*vA zGk1b@FL*!HzGEL?6}=h}Th`!zG9ltkVvJ=I34Lk~tXH)Jp~a?J6rOnRNBeb5Ee$wb zd&TF+4@c>xjb9H{gK$%gQnhiHrq`con46M5H=gbFHm4GziueH6KJo#O(8b=W9=+2L z=F!}`5A|RVy-#~UZ$_^HCIvc~GN;&KalD&Wwq52GBiUQ&mGn3|wmf>StZE>ot4hf3 z4g9iF%EWx89pyb&77u*PYyIc;Bz-qk-vv)rI!v+_#iA3{E&-L3wwai~dj6QRW~!yc zYyzJN+;cm&GWZ`5Hyc`G0chS1`>+-|glL_eOpDfda9vfNHFZ-K?kQ8QraE@c!m2$& z_0X4z=)rBK7@fE0;v)=DMpT}nyzHC;2raI6yU4AjgJG;#81;LT8H(XMe6V`t#9-j8 zTG-~3kp>jC-I7;I$3^ojl0fn5;*L*URZP==$iZ#kwW%Eq``DN(Bo*9~ z)@Vuv8lCUF0^r7oCdz|Ax0NOb-=^Ry*VOgE8v;@tp^rx=T)p#Y*GWja$CVUvLi8{p zM!sZcdg+Urf6W&GPLAha?>zODwqiyI_>jPy{XyA@ef;Ba3{;fp-j9(xz=eEu5ChZW zQJ_#pk4K*b!|MG|3cJ~w9w|OCpDB?4EI~F}6 zcz$}Id-ZB!XW(Rd#1NE&Y11&#b#`SuzrRB6V4vHj6(=%TI{m`m<_|fL1Fy^-Y$iU3 zP3K^*h+<7~To1JU%ED#vdEUE4?z!G zSRnmafk=vIRCXET`6!dZSePRn4&10;$yKT@d`yZkTGx zUa#3Ti>1q;GSjpO1Ce_zE;@GYmQFvueIEDzoIj5l{P4k)weY;VCZeO5Ja*xcfmJcS zSAY#I^Vq3^gWe_YvKYW6Axi#I%d_F_%+r4OK`mUQ)29M&ncTiNuxYd1wCH|2^#In( z;15MyNLsfA>XCh>GMvgw8%#q*r9JY&0F*pBTiYK$g{JU(`^e;D$gI>oTu9>sPIjsUn3b+4tSVsgOJSc)b=k&GtI| zfVGE2KOA7JWS;$vPxMl&$BMuVuy;qGtT#A)Cvi-`OmPuBN*%S}ok^bFLfQtQ2@J&0 z-v%Nyyp}!d_dp|cCf(bz_^C-(rLJ(B`<(5-fvyMXHIRhxTwFl%d$O_iLDrhmCBhP- z%+3|F*0(tdP$XNN<052u2ke@+27Wwr1Kt1pgJ}$%&RZ{+1&3gaS!;4l0H(N}*%YMC z++j!?6(9uyVa1c&I0SA~Z@6$_tkb8f_hDf1S+!|1GU)~yx3}$yFDCR)$@)BQC@7Wk zE3MA)ReIDwV0X3U`zB56k8>-cl>sFRAdONXi8ztIbOk&i7?odW&I!+wh6Ha_PEW{0 zF=i{><2ue(elm0Qwq|g~5N;};z`ua$vk@tZ+Bq(0ULC#HJ{gMjT?_U%sD4*sbbH-3 zWZZrOQLy&GwEs7oUw9DL!NyL5qw{3=`bP!QYvJYTIUp0O-qUmf=$EtF-Jnd5T!t2| zcOe#f&WdH=Cl>3R360=OYu0L%F`U0D7tr zA;H|SBvt)%%a&j#uB??E#O)X0r>-UCPx7x_HhWpiWR1DUy4|`l9;CADu}SaOprd#m z>f6;E;&*zZ0Is_W?$&o+D-E@Ls_;?zv99nybIzsJwHI^GClGP*K zLkIikGehSXeI`cz2A`}DLu>EAeyu;G0#>cA%(J^J=F>aljd1QgMvRVkP7mrFE?8)n z(*?9y(}7S|3b%88j1tIcf-oa2wrkA!W5v^QZ=)8 zn-G*ny7E=77v!3^P%w`%b-i2ok3UOA#Jsi{#6Fby@?OW3abDM%az5+MdnZAl$FUb? zRH(~L4SYgo$4568B6r1x5e<~4LBFA#H9~kxDQV{Yf{~Cj1ebH;WNgIhG@VKx_$LU~ zem%!wDrc;5|Hf49xN4s{iDsGD=vf|?)v0rHTYz{^4#v3*;uYthrlzQs>m#q8TJcc5 zpS~EBMkq^ggxx)FKwNcTC2>7RuU&<83_D0mFCexnXW326bPEaxe>2y$de;cL%F&d* z8>Qg!U0?Qes)B!p<>tKho*BU6wK8EBq$0d(CoIhFvb|-snQBj#PHJ^%>A`|Iz-b@c zo>merbC_Vhs3uH(Etz?P3s86&g zc>kQp_7^t_Nu?*)KmDFc$0_{5j$G@uY|*I`5oK|A&5A;@;yH#{7<}>0_+41`x3V!# z*UDW0XTk6%ANb&HBICJI}bLvi4o0j4&!iKn0}=0xBJ(6Uxv; z1Vp5lC`AwmNC~~DC>=uYO+e{HTIe9XHz@%EL}`J9A|=HuY8dvDbg^9UXr_t=h_991rUMg0}Yz#}}6Sp4f zhM|@xa=O+s$_{-}cF0rRAAcH%wV=q49YsTZn3R%LUD$riby z@Hw@vNyILa{r$ZfGdgZ|Sa~er!G2E42SY=(0`{JF;jF{F3U`yP{s zYkN~l#!Pj^?_1ZdF3Xp`zgIrc7ZzT{SRFK)n4u`z0{1QDOHb|WX6hF3rVN* z%awSwH7B*Clw?AmJdU^e8#UD9u07`rr$rlKR7kEMrrecx&xL7>EmkfVZ3aZ8ARNcU z1O#Y_;ak7wB6JJh+$7+na7XSEMu=E)<+U>fe%qKega`*6?{w^Qbv_lgG}n^_gPVw& z^87lrTj7Vqhz8u#If!@v>Iro#>~bmnBKZQWcrF)n#fegD@#7G_B{3*6IB{-ja2Uc_BdlDG9xWL3gX2I7zpi;9Nv1# zUSh2r=(A34JloWrJm!>zvFu%aROmv%fet<4hZz0}eVgU|~Q; zR>9oo2KC{=yB>Xhn#7rgXXl{YM%P5x(h%e(n6TB~Zb6-WFqrIKNZq$Yo%h(Jjn4C> z8EZG|bj*;i@9szU4nUdYC2pNTIElHz#UQeBW-2dk@wfJO&5c>^n(tT)=RRki51G7Y za(Sx!DBo7S0Dk>5UC8pn!}83L#YalF!RxD_n6@MVJJX+gTpUlj>tZrTa#W9A%C_c! z$vYdGVDwK3HwagBA84<6Y&>syX}7aYw?W*YBj@Hy$xPfq+krKJsMrn@@Rs)-=bPKJ z?1taz$z22V1Rg48mi5C|K(nuzV@d_u3z4$dt7p#&z4}MxPLEl(26}#0hzDJ+U7Kn) z?iH1ZW<<-nhtzm<(%G(^iDPE0AX>t!0(8gQx4O2qZ0<{ruwlkh4Rxs(_TEfIO#u(vO8j5^jP>GMkego!6)18DcNF3t~< z!!bnZu48`)oF#iH(f!3a>3DntH|CPX;0lDZ5BmU;v7`C;!C~>~^CxwtX&!Sjr9VSv z4hAb#+ex(=`OM~iMIU{#ai}A~DzYc6_*4S5s771iJf_WG7p2Vu9&u^o(S!Bk7GSh^ zqEKws2msg=ST#MLL;{u>XsO7b@irUW>I3ce*IzXnD8jjA!3Jjbv$iZElEywv(s-J( zl`ZjcZqzo?ZRrKBn?}VLcrP^ePF3sM*McTON8w(Ne1jd#=-U?n`1e|K?b7`!Cgd+A zvu?4AS+^dw)2743(p>F_g5!sLV!)zxFI&{TN}m?^K8#MHh|LVaxT);Z6y(@;0m@E%cGC&}l8R5bUT`e! zjSx2r_ZQUE2uSR}qWSjbOS&>Y-0izGb_t)^qdg{;sN;d)Z%t~0g{m)J`*ilJaAZ2- zIj`56#@1rWeg`nmv~yKWH)^rZ0Er)(65@v?7wG)w(wjfd~?LJ%hFRhJKH?-;@3 zdr_U=TDoOwgP(U#X>!p0r(Lk?eApNa)8e!OaB^dQ|kSNVecK8Ug0d$tks@Gjc!KaoOD*b&X(<@D;tRco!PyAgdMj+xa;L_o+K z%bHlwG7*BAZl1UaYbLDzg%3H1$wSi+6_65OdLU7ra{r;eMUd7nN)=cx zTK*1Xm4i3aBvofByL~IjLJZgi=8^5fT@Shl0;MRfo5cnKexeI%&^DFhY5CLcO$c?v zgFRM>+{BAduhW)MhQ6%kahJrI1}xA)9<@_tAIlcTrY3x_+#J+oF4st27dWi;{dR+s zyDbWgtnSB@@!yd8bbDZdY4O(56boHeFRL(35qlMtMePAjc8T&9LhKC4ZkeMZ8_n0H zQ60oddc(t`@Kp~YrR_8we{m|FI>Q@u^!z|nz_kNB%?G@( zhj3>TPPso47fRVhcaGjF*~gkk;YgF?e4S3jh-NXpZ9b4@g}2ldpGh$IY{sCvo85@LNo zGu4(9uE-aKR58%8z{QO$wSq5pwyc~fbU6sm#?2g>aGOG7<$rBX-zt0j8HL}6J>KdJK9n1JH>qjD+)6WFx2I!2%JSmwzI)PY~ zwzch6J&$m%CakKX7RU}m3v9vLY=@Z3 zux!>o@e)pXm}}&N2WYJPE%jY&fbG0xltE_N7wY+f@}(Woi1j~v`}q6Hm`C0W&3@>d|OXEr@qu!ke+Cw13Vi1s(r%g#{EtTJ!Cm4FJQj;7O}J8V*XgSB_sj=k(!jP+RKbOCZzS$s z&OqN)^1~{r!?j79Yi^z6)L}69jd7qdDG3{`Rx6RM*5XrbM3Ns#3CG)ysXapCUoBUC zUYLG(bHeV0daFo7=LGV*Vu^?;;-qf2tRY$;pGT!pHVSzWh}KYcqw4yOV*oGo9LPAP z%1mOLy~*1zP^Z0;+^T=NFq(5%+|z%$yYgb=0ne?Y+`DbRRaFU(ynT_{w9hQXD2IMb zmH&tvW*uCS9iIC{6xSvpvDVP|+ZmuOj z2)Mj{+9ET;Q>{ya!EPr8iA!wLa#@rfKf(vBK~XBB5drm&GmO}yg8^pank_2lucld9b88TnJ_3!cv-JkJ(yXOK-KCAvYTo;*bVo2 zAF5Ql+C824AiEnEK-~0CSKDJ)eHx6lF8wGn4Vm=V)@6RW&@=jzIt}Xx#FBFt#=M@o z`D9zqMvj#O!07PbH{7@`8)C3Yr?jawdTeQbL#^O}Xg!QpBe-z-I2zvcEHjiC;@Jv{ zEfofJG?9X_#QyE<1M;Z!atA#ZMfvNF5qUh`8Ga>5@O+ zW~Kb+jihcC;0%#_tE(9ylXY~ZrT4avgYvb?h7fK;PIH0#s8+&CucbhjnN`94L}U7n?){UdoW zG6fku0`-`H+RD%(6C`)YetMU%m|5h(@wyDiiV4r0lkRTr4?^vD*N@t}_!c5{54cB) zrt5v|Z;|+ysJE+R+Ay;+Ek4T>TZJ?4(ghs7NOJk%%ABS{KKcAmp_{bAP!F4xCM)?7 z_his6^=3&$Gki7nnR7ZKHer1cFbFxGy+6|mY5sz~x)EHWw?Me3?F~ptax+cF$G=)X z+6wNmCd#rA18XqQ=POMsQ^{SKzKKN752)%k6wLZTjvrF{O2Y(o8=2{eOgNf;=tRlL zD`E<7!x@=s;UI|^De?jC-BtwU7H;)+PB<dlC*aNTOol{> z3H9qVkC-P^6$PEndwbbJQ{MPSHBcoYLx3rMK}rla{kQ*oWU*GrMb@yS916+gRU{he{isj~+&sL-Dno9=+e>bN_mTeo5ssr4sefgWjR^6O-7pMMCWEh_Bkfmau zS!DrRyUvF+Jic{BXNorfJ%@t&7r;!U^er*~^G`m4l`kF0PUDiI*s_5X9IsrX zYy;0;=SKmeIRAGlCy08dNU{e*(HG2egH}a&H3@HYZCO9)$^+@+x{>EX=zDTL?Lnuu z+7CfhgKW--BK@W^$^tk~2l#4s?+1Ij>Ek1J_uw3@)DkkQtE{E~5(CIzU0?VzLvl2e z??teEL( zKiD&tN5rj$h;9~~{t}=^1MtHeHBNKSCW?`&dpn*I(EL0YR$9?&Hzs1Fax(o>!66^K zmNqWr4_uTLIStq22qaUFv8ZFEoEd8Ao?OaY6tGzWCPWT!$WH0y&6|>#eONGuj37{2 zv~uQCn`*n9fta0o zAc3G-m$U*kl2Lq(n<4f%xWpW*a-|pd{jlFeHo%ZN>`=<*?~1P z_?fOIjar8R1U8X?BAK>2d#BhaeU{;|3IbJ0F3!TXi&mVUbW`dr&~JkhHyiCqb!RR! z?h~=7=7Scko4@!Z*c2bo^zB#$^DEyNYAZ0}^c_oy8-xAvmDAkHl9PoFzKSW}%0Q;j z%~`>sg7Gt@U%1UvXO;yTm+p&75Mb)8Pr+cK^q*SK;;9&6tyw#-fDbU$xZCx9JHYdh z@4lyM?(qppHsKE1?l7ZozbO)TVTzR~J&wzndBw6~FPQ+155e?ZGYu}x2+|4KCgf|@ zb;iWJyeOPt@3XEV#F=6F(9gc_&}h?0(*8}i`_9d;58if1Tm?TnS#WokDFV{}hID1LLy32$nabDo z4rS7$;^tJL+rnNdg->-jqQ$Ot#fqc6MBvA{vyn&$= z`W7ld>}Rnun#&+xZQP(gKyfc&3=_n2iWouEQkNuX#Fb3+W-+7 zo*wCPh%41|I-|rJhBS)er>0 zh1z?p+cG>H4mcV&9TvV^{l*3Stu3Eh*_3xsuhM}hN9XG*lQRH0-2sueU&eeOtqjtK z5V1m%6uVVygzcL1wsKf|G>1MXM5GGy(;BjpeU@lNAEnBs1|5=; zyj?Z|5?8kU+b28p=d==#HeZ|emS+-u{pA3lP5&k&&!H-#hLaY}b2W#U9A;SqR)gV( z+n#%|{N7JF%`yCpF!U!96)5(`PfB{NQcr*syLN|o&4H?&4E=yg|K?r4jB22u|7}bM z6g6g`EQ|I7UVk8O$4ivou;TgyCIIC38>~_RMv6CPNT0OopYb`smg#c8>%MT=AK!+6 zSv=owCm@sese3%>%6Y@aiL@J;EfMkC>H%c<^DKH}(-xhmisW9n^r4gX3zF@9HUOQ= zI~tN^-2l4!9Db{c$&ArDSr8U|N*E94{{3sF9NKF)2e^Z-xR#9xnpJ?{TXzz}!~ z&k;M@{gy7G<7hxHpb9fLnN6Iv#};NGnMJJEK}2eDmA|Qsl)@GObjK(CdUdIB_et&& zsWg=u=oXLdSGVn3!HPNO+(t&F4xN? z<)PnPDxmi9d6E}5(CN+55CBvV=sJaTzi~xd`{wzN0|0Sxj=n{~IHLkY50l%+EYU;3mjoLO)y;H#SGUi+jI=JCC@cTAkZ5gX z0yG<2-fdvw0lK8kgAkBjD4>xh1#<#r{Y(GR6FXbf#(S;9{k-3{2f$^T5ei(Ur)(h{ zFO2peZsd7A5S%-w6Rl6Tf3ZKJn%QGMc%}tlcK3#e&KvZJ>m61y(o09{ z{l9`XiPkjGB?iZHHqnLX-9-!3f+?p@Wi~IJ14A-EcD1;Zg-D0n@?L!5s#WZ%g)aic z>Jgo{TPo++q@(?j(uvU)G0(N>Q=@Z!sf^<*c%n5nUeM@Z#S3)fTmE7-iikE7;kn-= zu3*#oUE;8YLxoqfM@xMkG5u740K1;M0*$pA5t8TTNTM0AfF$(I#AZU_Y1LY-hS!z9 zf6oqZe*d;-p#bT!g!p1y#}SQ=3lYt8^(tByp2kV4gY{2vF~)k>``-@EY1&F6lSt;k zohG91)0Aflww`wX@wH~@lg4~8&Wu*a(TF3m{+HAHdoq@&6rX{s^H@(@2VfzHhv+; zrJGxXkB%Yg*3F-cU*Z?*mc+Ut(I`ulUUuzBoSUU0%GUj1Ekv!k7JpxKu*P=z0qBx^ z^rFWpF@=k-fTqfg=oGai`84E&U|7#z)7Z@HzM$j27E~Axv05-twRl)EPhVY9MMd^! z_FB#U6a-84wy+1<3q>J9Y`|mVk@hymv!Ps7e5)rgw*pqOc)7cGGQn(H}^*Mm|w z{M5AWvsyT_vuH@35!uYjRw9f}=IHO;a*=3b0#$jk__!6-*bhqKdNSDxuSgCTZ|nHi z^3z()h83csDIrCvBOeeqYKg3b&z;TCOHVWCkwJ37`)yb03#BdlI+N1AD$@B&30H-^-RsNdTtY{IX*pn^&Bd5FjKOeFK_#{#c9@WwYf^qXL<}fdHp4;LQ2A zOc=M%`+TXzov({9x;Twe#nL_mr4k{hkl6iLx3MV%d-G9WtnCx04#>JE8EE(wa=>2! zU%Oh7Ij+;&l9bjBR3-a;`@%rU0MWOx&2`h2U@_VKK+$s!Q|sUlZD=$9iiO-`_+*(&U00@^_9EiDO%eb#sP?I1tC!Hh}a6wg4{;RNE`z z_5%K{WhyV@dJ{og`TVYle^;w{``v9tCL&x2&}2Z@7rw!?!HZ7ak94V5?{_R5D=aFT zVpz|e0r6%g)fy)?flS?erj6QKCG-JJg%$xxeyx89{Unyc13^xwdYZdHg$$OF7WMk; z_N_q3v28@3QyO+7vOqf*1|0|)L6k%ypuhUs=2`jcj3Zc=d3{Z_EIHOk{H>wgyLoon?7X za7CgK2G0GceOdWNK)*K1cXDDnevJ14P3nd#_!8WrAc=M}HZ1S9)#|-0xiM&& z@MBatb6aGyTL5%!?N6L%jaAqc+A`(3^>_N?lRs6P8}i1ipI>|vi?)e9`2~P`qdK9Y z*vZ`dudqA<=1AeakVBa^a#H1dlHxl|D>%2UEcyYqh51oaykFzj`vFbt>`W40$U|Q` z+q_RImym3{-@+z(OP4}e6|!%U9PGQU;?&TnPFH@8}Ba8h{MEMkG*dgBY_D_4ToupTF@l-B{Qkhrm_@OTIIQLa1x;4dz?K zX19uUUhcXUkO{xFaFY=l0Xbh_^$6R;G)~j;)CFM=4u74c*EbErpTmi_*%}|L8=c5j zD8!J%awJ1(ZNrzmL+(WQI64bF z^BjFi;_WaoaeA^PUM>4M@4EF^nVR-X)&+`vjjNqC9V(_4jOQ;9-fiRbuj9Us{eqUX zhVDY#;N%yIqtM`frD9yGbR8XE=yPEuZZ+3j@~pZUn+$`)#+E$Ii$Up%DX2Tu13ChF-U-M1YEgHWqG@ z-FcZCT$#V;I1J=Lf$`ifu9?nB41w+Ej%qWE!nM1<220=fJv_g~Tun#gUlhvWbNn z(6s0MKQmndIJc3;j{m&9QVMgI8MQhc07}sBvy{fI-5WH6e?;M+phr0BxqgLLUcVOuL}+*;*} zd_b0*gCNW(*+1yt9~$@Db=_g-s%Eb3#RWNfKk4{J&yEmg#%ZtXJLn6C)~poZ%&oEz z@t)yj%6g#AIaD-1O9a#svLN5}=)@iSmjRfqYwvZgn4|Qdcd<*}F(0)e)buvRAl;^xP3s0Dj9SYXQL*zChbdlvA0unw88a=Uzpfqpi-P|YYkZsLRS zfstM|#}lrkzAxm^9tB%ovbi}2rSnPaSi%^j3!yzb8S!exbz9mnLv1 zTTiP%tV?Hr-b>Pt6m1QQb`|E~*xgg=lfc={(3RCf?JDWe3vad0lA}?20gsB29?fa+ zscO)y3UimzkQf@hXW0%*mBlgL?X@+w6L-)@heunyC8qqg_Q<6H-)zcq5&VM$pr+)X zdQCgB(gN}H1f0V0e5%T*XtQvhD3fCzadQ8$fJk$U+lkqfvj15zmy%Oj7IAJhGTfKl zN{~3JoU(nfPmBh2;lBCc`>Mo8tOVrzAH9(j7-k+}oLt?;qYXo-2tNkS8$7R8s8C(q zq20meGUk>E6fxyS#%xyb&{$TEvW+=ss1?kdH#kt;2;Zl%sUy%SOOvW!-HB`Jx&Yg| z7N}($@sS^Sl=0bYXLiq(*`rD~vyS0KdVtahL|vBJZ8-p5;Mm^nat72Q;$NeZCRvJx z(Gz}tysF!LG7iqTPUN(~x6W4tc2H*-lZbC*ivoqu3=6(tvDS2z;Z38c@;?K16j(lr z_SJiY7hxB!pY#<+pHI%k04O60%CF=MGWkUA{*#UG?5{al4;N16@2GSWzu*qq< zOjWbMF;yk>7k-k+ois68DbZgK;4=3`SvW{W4!egea_^bba2moX6RXUwNB9DILw}tp zT7PIke%`>!6Le(=krG^7P6tm$mG+5NgKT%o@RVcABDhw6prO$aTn8T24)gQW+Vl}< zzQxgehct_MQ6vo}Z5N4c-kusXbnk4c=kw;3J71k6ot|MHH1CXj>spT(6N zgtanG`9*o&+ixzNWzzZ&Jh{EPL>JKbBDoztmPh93qpH+{vOS~ zuh=JIj(fadI`pCwRv_AZ+4Ye;Ce;rF`#AVt8}Jf-S5WtxcsRndA3*DBaALj!RdF^H~b_0<9JFzJpo)d}qV*Ex|Ip;wR$+)(>H2{LNG z8J4YvF@p4_%+|pB;7{r8w-28iM#>TR zx6)q>yU(#EtlocpzM3^!2HrC4`4eP-`zSPtrEGm}K&#^X0%IU6dhk42Q*(D&1i^V& z&=8rnzWx`5NcYUvq2E?s?a*rTcEt2XI)u+lF5K;o0Ga)I3$Jyr`K;_S`imKt#~Sul zj3Y(Nd&bRj`@-2x@|=XOQ&)iY&36~=N9cK)Aod3ct0EMe{bt0F6Pp;U;?&Bca(u;? zg5z+m2CUACvy?#j*!pHb#&h^%aB(Obv>2KJ0b#zZISnYe@4R;9`Wgj^9)V)q}kT6|fWVM!O5 z?;1?A`1Q1Fon}b=fzM#R9c; zeI9{>roDw^+a{nKhz{qQL{PP1^E5I}fmK0CsGrRRfb6_{7mh9g+joab!iMU3d&3c; zHo0;>HeM9p5sTHv6F|MNgOl{44uGHCOmAMQHZ4uwNt>)|J2U1dNzw4jA}TZ;+ATH4 zdprI|OO574-Ry{(-(VPbhE9@EpH<*-LbQtQ}j4uF(`X`u*RFkU;Ws&GxprShM@g;Orv?&W&+eX7*i)% zNx`SO2Lt(=d9!A@jpF(-N}4T;ci|SA^@_Z(*}E-=0o`H$_N@1IB$DX9p4Fyn?&G?W zeDC0>;3xO?*1^&JpBz*yo({1Of)rRsDj8ly-O`FtRw%b`$XN-yffiFiIR_nwT5k(o zK60XMzq5wNpZC=)Kp-C(Q{3Y`P%;H-N}bHd_`3*i8!HS9YX*FrfxsHusF)SE8~Qq z%CJil5oU2-P;hhU-8=xWa76~_n-3^{cVPx(NULMRO z`XdVvY>IwM2N-c#exj|{{`gnL45pTJ1;Kc;$+A(B9mwm-8iP9D?vO{*6Qgh&LC^h& zb-Slq63e^N?b>;>R-h3&B~zzepb{X;&a5WJQkzM{6OrV47*Oc{rfl?t0l{qbQHzlv z)ipNQC1j14TZ@wmy&qe?T^mI##e?uG4{GOm`^VwR*Mr(tio;Z@Z71{ao{$FOt1cg4 z>Uy#;(K1)9*{tZ}vTZMP7|J>SQf5g*onYM3zCGMJt`GsKP zo6Wq4jmaFan)$HmL%zUUmYuPd4!;( z(Rmda7AD;1pm{#Tgb%BnJdtX87sXmTG-c|hO8=`_B)NMTaw$@g46gMlax8_v<$$;E zEh&#$!POZLmW|D>0x_^~JKPNRADbnMSc;syYmh%Paa#VjTHN8ZcbSe#WvyxL?=ds+ z5m9wC9sAzGf0)b532+e_9ZY}2eC*JPD0i)_X}mFuAd$D-Jk04Y+q@^Va`5GF;gi&F zDdpayjbzU^EDzWD2VLD}Vy$!FRB{+{^C)#hy5+F(t}uOEpAzy!9=;C?wo_ts0f0k1`Qx#OX$=QFdw6b6>& z@@41{Eg8swZ^$%}mC3woaZu*SV74%vwiV%fvgK)yj}q7GVQrqmt{vUM{inI955Jlk zkViLNtEMzFAB6iKR03gt9FqOBWIesQQae znR3p9$+8%K5KNMfNip1OuA0|TT5Cn9`-KIX?fnuh+&YdqGvPLRa!@s-y#J)Tz`ai@ z9rbb|Im2JUdFyN=W{UqHT}Gx^c5S{cfAT=|EWB z^v$;pE*WydL&+={6QoSzo5s>SYL__y`!&0(F21Yl6m3lCnu$#YyTdW>je`MQ>$Y*_ zzh{fiT-51j{H|0fVA~iM_1LH}mwN_q2!ZnspsGA?ANx8+- zIbI!vCa?E?4_p}4p|{K+Tt_FEN%!K4+Eh*Hd6W?)y{%JXGe6zU{%l=nEr)39qb?3Z zHg;4yC0*XSloA-^<~`Af28;TBq1Yp7mo+<;=k#UHX_&9OZdPz~nt!lY;!ly&urJgG z^w8gG`_pUi+;>8gU(rI6KiCGDJQgXR?use7>m<{d9;aIE|3w*^{T~F%GeAlmR6}N$ zpk(|YB>K;;x`Db;oJiko2Y-UUG;Xl0NvQ_=jTRV!jnj?R2NOBarsBFVflU3bBm5~L zE__Y6-_7cE+t%tWU&D_>h}>l!S#5n}$Kz;7QC)Zaqv{WSXXU`ayBp~;8+`u2`egiT zi0`Bc2(;1 zuC`~fHK_%hvay5iU2PNg2+ov9~4i(9Dd1w5Ik$F{LUitID72vPT z!0R6~2kuh#HI2zB@4k~mt zoh}R?Z$*TEl@WEcJt_72vsHU@LJEKDtbn1C|9k&!~yK#_&JyZ5+;!<$Iv= zyGf4~nHR`?sAUGPE?;_0pIwT$l!a;-VhsUiNJ()=3hiM}Ia$y`gY596eqt<$3eSq} zeoDC3&v=3YbLC~o;AV@}z0-kM1xl<8Ln758_d1JQGU0-Tz%%-7uPFA!5K8|33n7v( zoCd5lu6HX$8|v8-zLQqIN$>H55bd_)Z&wwJ0K7^e&EoAnMM~_VK!H>YL&%$Al+YWo zJ`r4}qyGt(--y2q*5bD7HzHR=6%HtOtLTlLHaN>D9(~og9>JSw+=XxsKc(^Wl`(TD zh8ZFJhnr@?8X%WXTya|?{O>Q2Ao#P=+cypW^wOHy5rg~ThIolOcJk&3=u;wL+4wWqtswfGGozY3(`^??6O zmANNs0SHwIlD@}J5^hY9wjE`MD!htbZz{k`Y-l4pu5^uUsG0(M!Rm;i!#>D04AtAO2|m>33jyQ?W8 z?81K*TxXz6NIM;Tvod2XWLuGQ%YJC6kS!%i-UNWAl7JLt9W+7pcXlcO*s&}t>#lcy z=|(6&6acbFBy|vz&P8aXZ|co}G3D9cyTt2@6G37j&Ad~Vpr3S0%A1mUqFld#KbQub zYgFSk=QS(U$AP?qv_b_c0N^$ND!N(fSfbcd=%EPU7ANpRo^+i}8X+&S*&Bavoyz|y zly;ueI`;c%JP#mEP#iDJB*-KY!Wg`#3fxs7VthTn0@!?sbuKFDjrpDuc?J1*=XpXO zAWx_UO?%=}3T20zlvmtfU(LjpPcqErNlo?{_wrqM2gMjS-31`j!UP=rq zD1S})y1-6AQur9@l;imm!1tD!CU;b-Edr$m_h!%g;NggySXs!yHl#kGbp_vRXdpRGa?p8v^#8y>(@ zh#%m9Y~Epc;DquPCvHi=Cws}_ayZ8{h`0dAv zI8dPJdN`+Gq|N^MVfB>lNX54;LcxGx^WSfaPJ~P@jdBHFrn3%?INJOIlnRP4?`&W6 z=~?;?SIjmGQ~j%swqW%6Owg+qvboyd~=+Sd%OL7Qoo#12HW z70WNID!A-cb5o21xo#!lh;Y*#u+k1*5?gTRXNWLlZDU#Ja^wwk!<`yrUp{e+gWSVT zS|Z1GOr|;=C>ni?1U0YB*>MDd&;&&4v6HIy3bzI_QraA<>SQLc*tjt~M)r_+&QtaI zY33KcKszD+oJXOF4*NHJvzd1_$cCBIt~R(5Oau$x^G|oyQ3-8`4JPGBR`n#^3*Dp& z@UeOL1kHb>SfCv#uv~tLxv26>2Ii@tD3$P0wk(*^g>nhyP-qA4*t<%1V(H4~`S4wn zOWW2fYSguq>9>zjnNExpu%#cFP4hV@U*${>;J7Y}aF=&5hs>)gy2Hvd2FN>|rb)pX ze$ooe?xC8U3A0021pMO`u3qN4{w*Px@`JD2uhZ4@OYFveu^SLEPfurun!gd10)Z0J z1R0}_jMI7Xm!4cldozc`<7z7aW36o@VKc>lJ5S zD$ES{Ib)c1-cQ@`lV1gxKs?_IlQ;Z=m_7-r!sZxw5FsJls7phUIk75j`^Ex;45Zc& zym}N{KF6rfT-SRg;oh>zpAVIQ;z|q3lWv5r9~W0-&1{mLJ|=ETksUBtP5F3sIlF$4 z!Wecw3Rx{he9242NK0l89X9BjX&!3dl3jPock$SkN!dVetbg5)J$9+_PM3tfEW+LC z)Y15!!HRQEBl%8$Td^Tzt9d;2ru0j!xJ2397-EGi{(*OPlFh$0h;HjT{?{o|Qz|>; ze-57PlrT#2xtv`@)Kx#(LEr4rc3j@0D0iqWuHB&Nxw|$@{iJ%MI_(K~6{2kJ-@DGU zx_ zn~v(BN$k^2@cgx+eQu%5mRkQNC`Vp0>H%#g0mAyB&Nf(K_I0u2$*0nByjm(=;-)y)^`Z*RpsD|H8;opa?`J z^RGsoO^peOyL&7}&Ady-3DKio$Oy5z#&(paqjwtaF>4SoOrmSox7Huw>H5TS^Q=l- zzSXff%Z%S$S8F#yGofF{;562T=*0{w6p6)`#HA`4c~f0IORaXOD0)uH?5zu(9={~j za8Fr->=*G2R5%n9tXCy|Zl46C70D1zk0z=mGwr-x$;J0Ql{h%fbx{0=nz7#rh1h#y zXnE+X1UWt54sCMK5&jdZw#3IcdG*i)YMoxXCjx(hhDs#xWI0C6Qd5#7fA{_FpAxr` zTBy~v%$N^LU4o6*eyfV$7#oP{vf|Wk%HZB-Si8s5A`C+s^jA@iG*P?o{}HIOXu$4C z@!j5+T~uSg*(_7=EFmm6maE6_3qk$C%by#0A+iilaGd^3OL=*D)gn@Q9f_2LvNB3B zznO0Pa4Y- z&reePHjMe}g@ke>=l2i;V>##D5)Tw?-;hz2^$J0KjVX&_x|&q>M8aHp<46!#=?ec$hOXPMJ;3-LfbJU337B?G$YwQ0ZJ>qaGl z(%;-n!>KT;qO}qs;KX$wYz1@3$r}enwz4xr9Mjj*0bvtV)RZ`Gyilpwuw^wi_2G|H zhSZ^>FJ$(Ve6vn%!J*=P8)~jcZ%ilFyA8z7orryg*p_j5KIXgdGNbCUtUB!-D`<)m z$TH4)7OdLn*|fR3?o?Gh67D1Xa4)?nriy4cgK!JlfSnMGd^o7F^iYut=gH~R-iWUI z1YQCm0%vJNOc|0V>~nTaQnJ63=`0I(QJ8Q}@Djwrt%qF{zSTtpj135OS!HfBFa06F zfPY!Q3fu2A3sNy0g#1b2`}Z3uv)n6&f<2e6-iwyc23v9pUW^o8JLy>KdpT8r@0#k} zpK<^m0_5v2vxz3Ty}DksK1ygzs(A@;OXS&s@w)~AUz@_keKMp@mjNh)KxvO&kSW|wrtx{eG^O4~uIeD5>=`r~%8 zqZ^riI)Ak_hhQE1E{xTG>M&poUijfiw1~ZHzrfL$*|Wrp&#DIb3KI`W3tGP$V>#Oy zjpe$Amct;(Xz@|n8C4Xjjg%)%_0uSu&;zeW{)AD8+~V}!?(r*Tn4Y!TtEo?syYaEzsIgVYL8)qTrsc{~RxCXEVN^6e3F3wZQRvAKCFk}{?U{u!gScc@M9 zh%s~vc8bkSU|z0S(`j;HsgUh&KAB_mX1;A@h#3i#rN7vA-QQ*of?SbTuMV?Rb2ce!oXCrZ%uv7aN-y{dEI-UN)xqr z-^;7`4UQ0hPn_A1ARG+zDyfX+u>@5JEl|yAnxnxS;)>^H!u63 zlFWm&Ht&9@RP|6rX*zz`1n`9I&Gp~vY!Ogtl#IN9>!!b+(D`BkE#Lai-b?yB7UE#clv(Wv`n0YO|0sOHxaDw^O(#rjO8LYUl3o#@hm}SW!BQdc9F!#eZ?{=n|R!qCxAE_Ae;E zZzGB6*-f|PmJJEXMc_$7`MLzsBDKr9K7Gdk+p^ebuVPpiZe}{Q*A|suQG6(!@Zxs8 zP$lj}#9&Br#M{2fJz=|l|KZ_231sSZw@c0ak%^t^wmQ}X72A^LN9O5~o~F?BX|a8= zhq?sXGHna>hr9t;gROuseiqJiO8SawjZ+2Nq~*~`R-X|9v)ZjtE=-k1*u)h0;j97> z$3oduRpXy?BvO;_OAn*=1%4Qd*AnQz##<#1)$&c8K*v(M2rN`zcsJjf1VK-rIq(nI zb)J#EyS-O>S58RYmqb1zWK~b)4d$Gv*_)U#?;0X=_9PpdJ@G5`1Ij?R5k6h`b`|sf z>70|`Ngd<_M4EARjX?jaB=u8d-v!wANo32blY>Ta#Nl_VOZKQ_FX|lVLE6=KKd(zB zJmNMdEkKkK0;ZBHR!-48ZO6tH`&TQ@43BbpjGBhrq$5AoHLS_v>g@;jxDgFc+^glDf2v+zSCa5)_ z6^vI+#f>PSRMfp`H_@IIvd##OaXlUUb-{hKOS&198SLJUpe)avT86v@PA!8jrN-L_ z-?qFynt&4*UeKWE!!ymSiq{bpB{FtKMSICw>WTFze@0yJet=n9C12j@j5rjchPk{Gjap@0-0JVw9g2*eDR_E*{Mmu=IO8s@@S=NZ-3o;n62|Y)4zp zMCce4)DXF!8^H!g;4#&OK62a|w?C8GNW;3Ge_&U_Y4%9jC<3D9*LRx`tFJFfNGTLS z$zoqOvdbW+1UL|^W$SNPy6jOe#ze?0n^bR+-DX|gFO-94D5y7esh}dd_r>%At27t_ zC4-6}YP>n%U`zX;s*=BLiSp2rGfhD(S`tiJDNGY4{2@Zd>8*g;E6nTk-Ifcc`ljGp zj=Ov$8lANy@(96#7l&WD9vig7gPdvqtW}Gh+#Yf2@f-NurN6w}un7C?)4{P7oq5-p zqb0ZMUdtbBKnVF^>~g1b_5+1wwJ(s}klGcKkx5@ruEv8k9*dIPrb{Frf0zJq<=Z<^ z!5_0@a&B13Os53LqtY98l>IgGKKMqf8Th&8Cl{{qEM)frUswM9^_Nk>%r1>^wdYB{ zZ0y+eo}u`0JfSiCtw0$FEoNVMxi^Hs09+QS0sC*gJv}M?ler{|;!k@Yi0vpXCxDR@_^d=u zaGU2ylP|oi4~sfX(z5OI(E)1PahfkRE5~*DsP!WU4zrOMet!;^rblL;G|LvUA;8zn zWtU@<;PpE_&HgSpoq6#y{PSg>7%flQ9ihyz#luB(r8n^lDThXx!ST{ubb4D+qfh#~ ze2D+Q-DfsUzzcN5)+P$R3vc-I{Ga-{g;;lhtIZzT?@TWLuT8EwHF-w=PZdkwePaE~ z&ZOTqyInIWHx6j|Gwz?~j>~Rj12R{>`?*8e4CIawlO&eK`3BHwEAqF~5TD<^$1O*b-3;{-

!|+F&&tJ$q>wI$O8_NnoRIH z^yxqeMBp88d4!2TXGB859Z%p18Eyv$BB=v67w?YonQh?cGs8glNBn8s`C@O}H|Sqx zyD5DAAHS6>#48Q`ZYoLB{U>|c?N51hOj5Yr!)Deo8^PVcv5*zt>YF_Do~;mn{s*F# zp~mEK-wlnKGiFQN)kyQvQBt&c)*0~}WLWCM*NPBDcP~wF7k25~H-{y=B>mYD$)v^e zOy(5&AKAqds9*J0IKAgvpU9#Yxho6rrwC1BUj{tp8wg6=ljjM({(Pb_W8OvKWR;}1 zZ0n~#x;Ocv=w98@cfe!$(F1a|r9E(KINwTbP6^v-35z6b_1%=N^||E80LR8+Q3thV zP3|~b{crW-jVw1$8ijwlHnG6ux}d7%;uAh)ZmG}C%#U!dpFjDx=xjOu=t|%MzUw9e=kqglF8@q*(%5wDcD#oXKW<>%Ga{*{NfT5DFvE6w3)JcwFknQ911 zdpAT*YF~HcdI9IgKQ3>I!i~;t%3b*+UFpv284D**)v7va;l9a$tN8Cmmo?Un7Bz=V zO)8YOZJ)n#lT+ZLYhiOa_Z9&c_&(oxd(n^UK&za$TKCs>e!wj6Otl1W`-jXtX&vrV zdZJ~9>c$l+La8THf1R`}FFNa^<#zIz%O{gr^^cA`h>xBWlviA3|NFIJT({81RW{$Z zslHDC;*xVD_W$1_%Omw8pU#|9evR#SuHWf=Zssf53aj@d-ny&sn+d&)HPse;?RD?# zr0Fl$7w}IOC{|-Ko>a6h_w>Hamp9FeD7vz*XLf1q-ra?{w`E?aW<4%7&p32-uEp6k z|1<7B>wERm?&R?|zkE;Sap$cooiepU_De1MgLdna$fdZc4$xNxH}`49g*f@_5bBoX zjMoIN7QcSg|6H1T&fmQ*IaVuYishyo33b|JFETy1ZGE#^Ozh>)ukLS~^V+uXh3c%s z8`i5&*{fT4u}pRG8<#ggUx3qBLtbW#lG)r9XZ-Gj&IBH)e0tsm?{-ze*FJNesh6(> zrs3Ra+iFYS{6BCxw{+5!D%)H2&%fP@cy%PGzApEm>{9h4(fzfMLe^osiN2t;M@_4> zdZD=LkvHpi3nld(d32!j#+sJd&gZNymEZjaT-SH+gUgzo`<3f$?X~>d0zIy6X@5O8PW|+GTC=WCyYWVK*D0?fY3e`L7+rtpSHZ^p?cEZeE3WTf zzuT7j>-HRP7x_-ssuX^fUd%^);P0 zG7rAqxFks_=qo67nA!?>d$>)k+x>{s-`nVt=1dJ!<*66W-k8?-I`q`d?FVn&ZGc6f zUuF)_O9?zmb8mPXPfkiq()OyGI=drO$8-0YBTJKIgWmg{(I{bc`8{Jrf1Fa7pO5KeTN?~1l!`GF5`*w1lqvWE}T8NXwK1T4cY;4F~Wwf|Oj<%b~&Dmgk)=_vSphw7*mL3 z%Q_g0ePWD>*_bgizt_;``}utTxWD&5zx%rGKklyTW#&4sbDrn9JkIm^IOmAHY-zk> z+re!jA|g9XP0n8x5!om%BC^hT>t^5^9gco5@K_gc)!0a+s9k0T_^{FaoW(g2k&+~_ zm0O#D&!WC2Hv&XNcGe63t!wi6=qe&|j&6GX+_g|=>M*Q8k#OU%N5ih7sEY@N_n0u$ zK^I$dp1Yko0OB9sc=fFED>3og8@E5)E+MZVzx#>F>$r{L>0*6*O;7Di{tepcqFho` zvR*?j_6RDtb?9cmgMN^9a6tpYL_u1*=^LzRc%nF%Fr075a<1^W-aA;`VVuRHn-o{E zKYzZS??Kb8AcYW$csuq2a-Nls-UvKizcgA8JT9BduLB-ObDshKi%43V2p><6frO9m zl7I$8?%&=f3Ovqg{J+=!e^ANSbiYV}W6=Ci=v+=Q`7?_kfLtWAZ7D7o65_B`|2NgsMpBrE@&+?8JllMIy6F6+DZv*>8tm(3Jmet`7D%#m-S&;2n}^r zXEap!c4N>LldW#42C~~kJ@ZNh>t6QmBhry1V!ov0L$PBZ-x^8r`&#b`p8bOO$;!?Z zq8fSEJ@e9KkzJjwWwX@@4C`mFAsxp>4JscS8L{1to~cesbeT)Ij@oVIV?4d%0{4?u zFdv?kU)zDPy&T^z!SUkEw{<&(bzanEm6ou$gsFDq7zc1RxhyM{ z;ly!rd9ruMakx{f#g@v%9;8-YJ3XIXH)=IHhxH0IOxL%fmYUDY5Ire;5-k9}9E?0q z&m+I&I7(SStt>kZF%8>_T{wE6!C#=tKH$;fE&}XJlUu37EkQ?!i_)4AN#Zv9rB9ywC#X&aK28 zT7Z*tH#piZlB-Mukoh5JgyL6^@PAF9gB>3kRyWm8al0S6WzWl8%^|J=dX zx8(YuI1|VEAp=vlk91E^=U@SiLxJ}xKZi)YJ&EK}EWJmqrQC&31t&hzK`ePE9$U@XZ~7p|I!w8txjbu=x-mXje`L5QG#!>kt1upCm4uB4O--kJ67M*8`Z@5=BwFBXI6exRhy+;pkfFAf zdmL2;X{`x9Gz#xpX_L0vC{fKX%m$jL2hZVVaA?&$av%7EA^8-!vQ2YFSBy|nAG|jw zud#1H&)u!>hGt($m~MNEv8DVv9j$2;{o?dS$#UfZ=kUPswhJ#qLKV+?&PDaSlJ@k0 zf75w2V3S1LLR6QdrgbL6bgkUD_s&ZPA&WyNyEJS#96Bw zi`@^gGa`gI7R_l!4m*zTZPpKfRi8*UQ2!2duq@_g>ogUdqFGf1)XyS*-i)8o4WPv2 zg(x*%HzT5TtP)_hD}c({Q6=qEE%MZnyk{br2ktcAntxAN=_HYMDL?;s^p~Dr!bkF% zStFxGw@jwfCv!WP52T*H+>tU2`bzMKEGX(RUbj2GMlYB!<{DJ@djaFBU!| z(b8tIMW=<6R_We@ba3bI?BK1bF00)^qC0>Rw>Lq<$$d;0Jy`UnnSO0J#Lb?TnLdMe zEpVX+W~L=&3L~ZmSrBp*At4mL?VhhTYN+6ZU1i z9GOoJ%;E(Edxw#y6jyz1c$;YR#N=d#%GMrA?BHg4xiTdX+yC3n*z&F7#MW2n>mc`n z<*5Mft;(D}9(rPqnXc9yp4@Z%E)iZ(QCYYwSjvb-RRXx~cPbB2Glqh*2dD*v z&YTg?jEtSW1|9-FOVEfxLd%d6%6uD|fA-*=bngh$=Pp|4A*_`7-w#>0BW)(<+QaDv zaZ8ZXcKpv@IqpGqACaWcm4?pDmy3G}tMXiB+C)`IO^n5Ki2$Ol6b=j<&Uo=?{ypiu z&+-7+rqG<&=VCF~#|@ceUItv$pW2^J|3_dE+y{^ctjWj(%!k6G@ z6v?GayJ(I?wU!=^%Lqg+2kK9Lg`K&zcY^$qUp_tbD^nUwj^$%D@rlhmu-^P1-#Gd; zOh@jBLwthPOBv7lu;t04Ad!g=JmCGektGmvtWs3oG+Nb;15UH-Ccpo@t?3_Hr=h6h*Q5Nn6py1 zA^A3G8O205?h+t7FvfG5fdA@on+3u08I@b*Q}^cZxGmHxVwbOz7Bwzxly5i6M9xmJ zK00N)sDoD8tmO*5BSs;%c=~{xl+lS(^GjUPy`+9>4c#icRY}z-=FazyLlK|gGb#Dh z=MK{kw#a_;u3es)Q@VYB7B{9Z~##km-*JwD-+(X1a%sesH8b1k&?HOaUTfmyFgu{UzLr)j?WrG>rl zZMkJU-p*jbd|4xsJsjemyiYhXi|A8ag^z(m=E50Wz|5*; znw(848H?X%8@C{p))dD!Tz&$~dA>LQIa$#xe9oGwB9|!C=X$g^Ph@|t&5*_$p|KC6ktKqEl|VR1;^4}Yk zZ&bE7*&1tVa@jvt_^Kaa0#k16jrA?*Ehe$-)+|wHakakfs##P62y_(NaA9jnK_z=6 zoOlG|xMclj16x05&GCGbdwk1!x`W?FM;&(5%raZ`r$5)<|4Dfdc8kXNx5Gb{aivW3}L#wB5&;D8oIp{_4fntD{;m_N+MV{+UCbs_ST-5*J37!b$`M?F^stU&RQLq%t`jN$+E9>ZkXr-+g z;fY*iC166FFVHkACvf5dfC(#;?rIgr^D{arMn=B0WaP88Sdx}oNuTX%nM#9%7;@QZ zWkM;!_9POn0+9t>3nF0*%q~t*eKI5XpZ?vV+utKP%GMcyg$u~YzaAmSTcn|l=Yu23 zNq{>EvE@SL!=sL-*T#RQsPs}Xr0g{_SRrPufso7+Fu-YR6W>#Gc$=+w)?;fG&_*bq z^Jw5bV8fcNO%!xpNO670mw;8hE^v_x6~gH*O(dxCSx0Cd(eO0C3iL%E8 zXUOjYKLZwy=t^I+un=;HXT#;?BiOnTTlCUaWB4y>sI6EcmT(-$RdiTsgeCRjm7xm%tsx1C1fp8Z*6ax> zzhh0jT_f~}g=Ox?OrX=PA<-RcgD+L2{K;1#!vANixBxUGXNMO7rX3DhxWr6AzOY&i zI-*?oCj)=0MulynVHT64sj8K)<`AEa8;o^Qun z%S9F&u1)HHi4w{oPIW-P|2vczKhfmW8^X&7=*0%)FM$OW@PC43{rbicIia5o{K*D9 zMt83Tc=*Md{l%ozgc1DgWd!l~xn@N*;BAskF?XJ|!W*U))E?7I((zn~+vO!lF0QsW zmzS@klw<&|S;-%7gK&2Af+OmWM>4|8y1$oB80^A*fG_-HAwSkBc4OaP$ehxtGOCk~ zWN;-x`^3lcO~zDAKg?sv*}(MM;X{{kGfe6Nj|09Ab|vp|Kjw{N_RW4sL*rM@tl~k# zjl_4Vpos1c{F@odko0E)4h%`s;ctar*akJ#6^%O%`WM8=AXa9JBg~Rp-N&m*S!N9lb=mKZkf z6}Qw|L%k&8+ijxfDqVHc%46OoeKInN@e!m5o;l4Qy^Zs>1!WGbNk7;JS?M-ouA+(G zzKOwYqK_2n5_vHbv3j)XepxL2Uka>58yOYF{Q6EI1^yF!z;9&@tIG@34Fw)NtpEUC zGrtR!3>KI~M5usH$d3dp0az)U^L?+lQ5zlbI+cvdn0E;l^72*3N3HlyOsbQ{7>Qp! zYx{0F+T_R(==9KuAO{SB`|lVYMII3E-)S6Q5V|U=UJy7I%3zBLEn2 z?*=7uvy?de!h_K5E+w)KfW6FO2)vo^v&~XyWKwOyrhWeb%zlB-0f%8hu0d9Oh(<>6 zinETc`&CZWaG~D0#p6WeR5+M-fnH2|{>9s@k4R}E$fe4RksUD1E*0DS9KEHk!}sQlhr{r%mksz+>Xqu%jW5%gf5Le0T#p|G20>= z(y}SoS^ue>^4t}1JhtO39%0~<(a)Zye9!%L5@MD6Y`4^=OHa2_icb}A9M$umeR;7o z!xgR{3wEwRII^1|0KAX?R&X$h5noy|6rF%R`k|hY&}C$#=6^w~B&KrVTh1pnoMYs2 z06EplVA#y2A+f}AFvE)Zj|0u)eh^n_OhAB0%OYQM2mn(u!Ph4(ybIaep1e<7yT!|4 z_hl11x0MDxOmzzv!5&Vtuy0_MSoXgI)v|*gIQo;6SQAi{e$XE}-F2HN<>B|^=;I1e zp`Oe}?*Zp;Mwu6f{99Cer&@?4on>3WJQB!|O76Id(^hOZYKsc+p$?%nSh;ibN=OHW zze3t49Q7?%=KO{DPrn--ivN+n<+p%G26EYCqMeugSc)yQXhg6qTye+mzWu0kxoLVj zCS$x#X~Ady!%6=Q-zzIGJDMz|&OQ-@~AUgU!bMLO<6fppR;s|qlMZXDFo(PmP0N99KFfx*$y!|$m zvUx0jYbQaLgJ0Uccf%zy(N5dr+AecX#cszgRPUZORF8~k2?qu8XN&pAfe~PJ4%d1dmKwYC z5ETZGj_TE|78pk-l*Vk^O{oo_$0jH4iWuEMz2eYlAfBiVhu*j=vEW;Awg^{!>E;SB zYC-C;^gLUW{pKx6A%~h@!eK%MER`zkc>*C6w?;@L@?-bd3KCA4zl>h`QkTPXY4!822-6t0_-+ z53RQS7rJTFgA!=)*60T`pEUJ!%wM;e+DX{d*UW85*`P=VL1Dl9x*Z7D7~Ye=r=Oa|!RDXu=1Z=8HRy1c*yp#S zgnvC6e2sJvMGsmWMr6H#C5f$f!O!g$Uy-}FHe`f#@!89E_g`*{jgFDteiC zOvMkQhftVK`ca(18@A^TKa|`wud`_P?%^Zy$M-Xe+%B6`s<~u9VM~m9Xou2?ar+~d zBer`Kd6Y^0^QhPC-0yqZz!1R8?JAg&YMPu+&FR3LELVQ*fPR!kECQ9HD%n;#QNFKv ziIPuv@;(yb^KhQB9v1Gndq4Nilgs-RoHcmKu7BAmSz1E(`NO(dy ze?bP;z}D(tsWb9dk7`AT`LoZ(q~+u&Tbt}ZVQphBoK+1?!U}-a;Q1PQyH}k;k>Yq% z#NI1ir0Rw7s;|$|_Zgoet?1vAztw9Kk#f!-8g=fdTBh5OU(=y{ddPrrYDaBE1qYo} z{cYUuLImVdoB9b5+vvv-=5UByROs?@m}Yd;H%$jg2}$vNd+Xx5mkIR>-~kj;`8vi zX+W#(7o+m`T=Xgb{q!N_xY0LtN&cm%j0&nCsn}Iwbz)%e@PgV;gXq;M?Hid zT}jyr_T;idAZZqMtK35kc{!_{M7XUH9i^-;*Ozt)C=dO#Zxf3z#gs{pshE5)3?_XC z#uL7ua|bb=o+ey#ZSkDm|CB5R&K`>cv=7v&TOlo+-yf)WRA}KoU}p#zZB$t3e~BrR zSO$paZq#^d(-ZZTU>%Q)M@ffyDu?DMoY_;j{lNx2c*M(HiW+vyC!kX)Tmi+i{8p_ z#y`6ZUaZadPg%hlJ<-m!LIxbm_#$LD1hdH<*Y$?vmQ8>{W~{44DqmPgu2mRA+(|j0 z2(0Pg^QKn2b&i-fBMKaQrdrbS9lWuMYofDPtD|=Aq_sK#HS!IM<3+`_0DYrO>k$(b z7LsmjcH!la0Afd#%V(GsI~GRHkD9INEtD$<>6FD1mwWOIQ`ST!`rvU@{!>7WZ5clH zvv*bxvg`#osgS5y)JhvX!Vb*zkRLOHB2TW)LJBA}NkHJ$td{AkDp^@tEz`?+c?XgV z0B%9}vbrpCWkKkL8A&zI)&>Gro4DR&^~|o2gZ6ngCZSWkY58mcLY|UeP{tLZ@tXMUF1?%yI zdqfUveGC*;UHhaO|Ci2K`F!b<6=a3EX86Cr>d(!IgR=(QDgSCVKK4Y;J83BFFK7aq ztX)XT{xn~07u=CN5e$HSelOshHfvfoWJE*ri<|*l0Tm{+Fp|?)|F`J;i*R+cU*t6y zNz|LS%fh!9mPW9q@_R9ep&k38b;MR{J{7a3sRl98B*&GOzh22JgIwWFOw|jGFmnAi z%4{_h!8pnnwG|kpE?R6&1C=wm8K3iVBC7zz;?Pz-722XH=8#g0WI z^j{8ZoWmNCG+(1`xL}0%6sWdJ8P?f8Lo>U~)URVk;GSy)$UFcq!lBdMi+Wb$eU%Q{ zbkEeX{FyJo1-v$ng5-+PSn>JF8$`Zf>C#`fn?N_sW_*TGR%xyiLO$f^Qgj_O*0&6e zM6v_cZfoQr zTQKe^WH*Njs7HXHUX#AA?XsD{f{>!+Gyd`>fF4-*(m-*`_s@1m8mgtOg29;kjrxwV zR5&?DKYcAeFfst49QH&mEAsc7Cx3$ikRGVQ0k8^#Fw_6W@RDs#MA6_F|A+E;znEy6 zbFJO*(r5=zq6vL>L|Fi=JuNGf$m+jjRR`i8;Gk6z%l<(vs+hmc_*|M#(vT*=ecK+{ z>bGwVMJieX=AxsL5X-}BGY=Jz+4(BA7yv~MA(`e(Inq49O`kYjSNthrbbc}CLEJEq zME`Xo9*YRHEdm&d^pJ>!=-HfQk4L-X68?A|7m)uEhn*pR1@Mw|RYf!d^BdTYw zBmO*+`^%|MBtb@GD@2sZKvN{W#~1*}rH%oBne^lAiL{s!AjZ)`l3)MN*A2aGU{a=# z7|D|xBV6NiiUm~$x7S(r#SVGx0ZxKc8Up)0z@Ps^$3yzt#?DoQc;j_RhC_YJJRyNY z{)~H6kN)s=nb)fs-m4ww2x+(F=JP7>l%0^{Ou8XBF|c4^qBXc6n*i)5k5DE*vWZ67 zTkc!G2ezB$UYq8&Q|(PYCU@dIkVv0uLrHN<$OF~mp!d0rk=uzu1;rA;(H7wEO}!vg zpQFVWPx-MwuT>9wWxO~J%8Xo}|LpZMk(y~>lS5=`P{D{76vYu#ON#Hze}n^s)0K!5 zKzbx)s@{G-uAzTdqCs#5)v6@w%4Wu@ap)nUx9C2R*@4^hP25cKk|M9WoLC1zE+dW>=nXuB>!Hy7 zzbWr!uj;0z1mb2GDGOv^S2Wx)P$P7Qd69ZI=_Yb2CvTh}`*n}-6i;xOr@Xu=E5r3J zy|Norc11vORc*~sKikt%fa?5pohP`<@ink0)jpkCa;GW^b`oc?pDsE)^wLcHCtrX$ z$i3+WlcVxyTjw!BSM^Ek+>8?HR#ej?!u2xJTY08A-g5SFq=0G{&Z}q%gmrg>d)N3O z+Zas4Oebg;RMp#)YnGiybq*IXHUkbA^|u`!Q;|^SCMaE*RXmHG^!#9YFk|wQ>HBeJ z6E8~86g&F!bqAK|mdlPe&*@jEyJTA(HEy!eWR3Lu)1%Poygoxq?!1qKe&69p{nM%@ zvIL4*V~=T5-&3gaBfc9H)3)*mf!W6JFzS6#LZOd8_LD|OygNgX^|A1-7uHZ5 z%hN_9l8Kt9Sz|i0gnx*arH-PkCJ3`Z-pji823(C|sV+}`SN3hgMji3{_>GX}eB^BS`c7&8X9aqrH}-Y+GXdg~F3(+dW< zT#)&zu#pLV7ose+DBw0?VBtF~eMYaAC6XxIc>R)bbU-B;Z+!NhX=-10BWGSQW_aQx z6y-G~UUN=3=~p0hSILWm()6Lwivm*Y;M2y`nRl-E1Zvud?%z>|_i<+Vunge%N%~8f zmdj4RW~Ot(fgu~Gvu565YCEa4LCx;CZ0P-ocfx3MI}t0bmArB)N6kt(02k%~LsjI& zD}vEgs`F(h9!PUf>Ek0}pKFl&2*h3WC2a`^xL11EC6_FTrVTv2=a z%>4230*_}mwPS5x`Xqm8Q@&eYcR}#^=@`RX-`aHY$II$k0{0`LM%GFn?bMi^sM>AZ z9O+4(VP@@<-i&BUqIY+>)*Jwk{&yk(`rqm8GFO{26C!OfGp8U;u*NZN}8Mf=Xu{5x(EGv*HXoa-Q!gXZeT zisIw34oCulzZ|OXBA`jeP7rXz>VZIl7_#B=AcLL0J;OOZU!EP|a=ZBnoS4O|?oX9?8 z+vOe}Q0F<4Y8~c10Xvh3*!0y;sE2Kb{?SBwB>Fi3^a+f5vgpV$P-b61xGDvg?VKdy z9tXJM<=^m2LqH2jakTG$et)u<3lpe~la`7l$Zh4gPur{J-BVn1Xlw#h2^5nbwzDdd zZL4~vOD9!FS#)KYXCaX9qg#2kjD2(VNpFVTW2VhC4ksK*p39}sa^0Iwm#IJWM#?bK zS#wk-j6$BSD!?suoLvbT2q=zF0~qBUckGwym1z6xt+x;;HFItouM zF@!hYs+q5!z3Ee#Smpam%~}9?H3H&hDEx!RH{Q$+F0lR{m220j^y{1Mg6uI+IfC_g zgvbwc4B+0rgR{zOG#na4h<9Z@$w6raazk+Vm<2`=)1Cr%7-ydMkDb3{?YRFK z$ed}ba==!zqsP#xScM9XA$H9ucEH@c%7|&N_Sg4ux7|+`p0AL+B#wE09$s#+KO@!j zGMD}yhJ7FKKJDixsTJ?yVkHwQXWyW0;$srz!FITz8#eICTP%DkY)Rc#>%A z%@fJo2telR%c#l(r2z?1XPmjxEzLS0@?kDEqSlCE^L@s@cL`#7M4C+yYhq3mGC|>|pgrhG&-Y(74 zcg3qTQyKG@P41?O#zuUr+ze~h#4)Apiy<1-s)%H0^ba-Y7u+`+ZuyrE=kTJAH+@og+ zR%dH6-=p4*^K*{%VcZbKcjNwyKX6~-jnGOC%JZGPt*<7FU^!-URUpA@v&f9!itn%+ zPZQByMS3tF@s%Qh(t>&1dMs>4T}px88{KfzX-mB;23+fk{O+=iGjY6M>H_!F-BhAE zja|kI$dD%fY-KUOBV0K|4`{{r=VOmI_%;BCc<(1`RoVlmm_1j27DA_cHV~4&{=nza z*8lToes3uQ$5%(NvqRX3xkEB&de(b-FW+OBOC~-s{!AR<_1ZU<(_43r>NH`afdi~Q z!7?*;6HVz<9Xygl1kP6bwn~ZzYd$|!jB37YUO6xR6H7flGGBJh#Ka;2A^-0d%$e{R zWxBgX^3fz10Z10hagTcYI)rd2qSGSm!s)~h#oi}d!kNk}r^#CWv-V^bWZ3w{k3_|0 z=JgHX*D-d@FK;u0@8Cy%6;$6aOuO6!q-kJ5@PtW|0e(0irhB(2CZ>rHA0mN^tVRU> zS|PS+RatprON#kKR)sTR7Av@H7g8$E3MYUK3U5rKz@iapp^c`Lo7vh| zsMG1RBbNU3i8wJCMVEuWQMACa@J&xoE$_T2{)Z)4(CP9^@eZ-C{De7uu)z+Zi14X8 zKukOw=15Df{N1Im+zA*^q#YC;l@%`~{wgZy<;|Vq4Cl9JG&}6WD_ouQgaz*%oC z6Zu=pFeBV0$$%15CEMBe;N-K7v9MQ@xtBOE&0Hr8pK@BHC68`yc|Wmr99<#^d5g|M z>%E&-4)bnAS76%9X`f1VHSK}!y+XrGeg;;h`(?r&)2*h74S~KXMlTws-)7^SwUbYV z03DjThTHCtWP)??*(EA+97F>QSQ5{}^t?lU#ph>)oUSeRJ&EoJr`{u3yL80AlSP*K z)bZsUZvZFOeK#Ki&ACqI?|_XH&Gu8!u?pv&DPcdM43#7XThM=r+$QCSW&e^|os9V}ruv z>dy!FqDgxtbrpFQzfn~BLLNJ-70p1gLWd<>WV5n=ww9^AK0k}TTN`XX5DtnTq22QE z!j@xXRnDeb@hvfM+g~a6yo4N1xD50Ide|-`MNirB-H5jA zoB2#-!T_W!=47d4O@k|0sP(&kHf~0a6?%eELDP zG-PH@s;ar`;JWtQc^}TSk2^a=4QbgrkSTRhY|&w_co)9u(+Y`PcE?+~_+0U`FNKF1 zg8*l98ImJ-%`;OI5zWN)CoKVmQ8QjY$8)fge!PpGhw80vZ>EEIR%{J_g@d3bX~40Q ziH!+vC!FwH@Ipy;VzA0utq4k{Y<-51xC%RprQm}FGS0+3d@o4jx zlSfQ%(!m&pOxNB_b}3RWDgW6?L*5CUM%ZN&o!i7(*|Zu}kqJrhQJrY8xdTpqv(6** zrHkP2OI0GzT`vz9897MOZaX!2CwDQ+;n<@ZW_dZp;z(siPJtFU(H^(rQ9WC{2;{ z8fdP&9BHpWp)D%nv*!0+p4_=j6xM}K&%5E4yp)G%)i2`4H4VnQYav0GRyZxYxU>W; zrhVml{6cV_ASoAYI+6S17p++1W!@o5&l&eW`h^nX0Fy#=_xX*ZS~Z=-QtjRX!NeIl&=1ioNjUDwK+!=0Xak2D}E70a(r8n?mq8VorsoKb!EgCBDMW8 z5B%e^d>&&JawF2K<{XfQEMyL)PA`Pk>6T?xyr-J5?%m2sE>3=ZPsQ>_h_ls+EJMSh zDp(r%;OItSibu?s$ZS>qP}XHscj?9CzP;k`W`g7GRMQ?5Gr{{G9N%0VbG?fg6DNg( zIo>l&*d+>!>8;#M%wiDcxh21oK4{b&e|x%Gl}b;cLbC8Tq4CsiXRadzYuLT~DE3ZY zE?V8sf->{IJAiHs)6*x2D4!D+yO+|IyrJi}0{a{(YH!q!gBXKk@v@Ths-VJQJS^aI z+R(+|qo7kQQRfZQQ;Ch|97@f7c+q_nt5$C_C~qacJ;$N;X85B*;oNX6$DDt7R5O`o zc-IVe`5oFR+w;Bzz(47Q%>D;vC0^P>coapCZA5Bc{Ie2usC3pZ=X28JAjx)6JDA)isul z=4~O86w^HNbP{ozvq9&OFo8{f4)WC#!sK-KsE#T0fazy&3pfeva!H~%Lcu2R`h{v7 z&ML}1dF3#^oyqzxu~{^-%nRvd0o3i0>t1Ut-{btenI7zLF?rPa;m}V|+XUCpWKftj z9W>o`DI@GL*QMWB%Zj5rU=B?OJlLtPJ2}w+jKr@Rv{L9b7pf-pC%tq(vA)Co4WPCNaYJ`FI_WGXDUMpo=)`4UV6sp_ViNojv;?T&(}s z7puOCz7!yM5?2B@d|%_RGD(mJ)K?C)om{qk8bs6q0u>wHd7lz5%-7cMLyb}yX4|b@ zAcfRRgleizQP8qPsrA^F`xC+oT$%TyLE+m(3q76qQGjG8P{2zkeNMd5!$Y(5Ft&$e zrcu~RRkmQ76aagVkOOY>3HRByfx4Z-&Mz{XYj6@>D@t=na4Qehl6EK34-a{ zxru2l2?!<$UCgXv?fkqeI!Iais*iCO+M{qM3l&B|49NN5RP!Tux%X9PXL}KDR(v~s z0>aA#%`ywJ-_d!7dF-H*Lw$>66`+b9swZ!_4-=|wlV&XKl6I$)wAr6m0`R7oKb2;T zM!68tDWwNq+>Zp@l_cf=p8ZH|(7upxoy?4kdt7dlq4u|DG$Z=U zc#AIF(wrXSKCbRC#G1J0JPc4@J^wNHO}cyFkVvc0I8RTB-pB+si4L56AZ_(WGuAOf zCed;i+!XGe{cE3cyb3N7oYY;*CGJZ)9V2IDA%<#Va!?vUeYOFCyKGyi#e-GjMm__j z%tTsu54y!Ycgv$XQ&$gYvDncWorfP`pOfb3DJ-z2w@6Vep#957O}pT+zOTM+auFSA ztucLwOEvZ4B0#f|D657h6r~xKevs=cvv7S6@BNt+R<%8ncly5exp~Ez0Lr1nBc#3o z|K+!2P)T>~&bMgcRjG`Faw2-djQ#0%)5U4e9n5z#QNG6q@-M)GQ2ml3{u(338I{Fk zC&jUQ3O69KW-(1D;-?b##yxvQ>I`3TPDL0P6yQhF-r(J27HVaS@@~oupxaYhqzsf} zOAxpq`CA!el^Gweu)pGaXMyrWN6n3NI6xBBXLhQ|mGd#VF&#am|IO83?=-7bXBPd- zmhD5#>~t#eHC!PEcS%aME3<80I?(!cy8f$cP$b33NEdOZJn22YWNKZd5)c|+_YIy` zjYvZx1`xl>*@g(3qMt;wGt3))T+1rUvC+l;6Y=fxpvE1100bWNy{F&b1?GdQ1T!lh z+Zbf?dig`~pANK)d^WJGBll%U8y6LpQ5UTd3Ht{KSd|+Wpcmhb5wx%d_i}&sBj^>V z$nqg&2C)3e0ck4{FmI~pzDd(BXs)Sjc(b>ym(FkT9;MtSO#@cYEk(-}3bUb^Qt7sQ zmpG`wirXDPX`?1N5*yW8tRTvt@*1y-6aaPmXsg|J7vSA}At z?kCP=4b_&FtG3xSA!oIQ_eF0UMNx_<_;IUC_OLTdiS8U2r}SA%k@z7mr*-#Ct=l zd;mc5E*aoC--P2+sqawK{5u%MFz3Or#HpZ{)=~zVE!&-wx%tm8=Ax%Y_cx0AJ{0tZtCvwx z6$t&Ik+z9tLvjj31CN;L*P_4Y;?B;%C(xcG<7M(K-cqIWlQYef0_hgFobBvzXrx0f zi(omiQRmj`+UaNn+_nQ*S&W}Dc{sbV&|-01KyI}tChSpkKIgMNy{S;CnVQ6S) zQDSsbxI*6XHyv|yP@j3~ippC!f6p8K*4h0fZ%Opj~x zZ_C3k-}}a3w0)q;+r)Zm7BMv070%;mr!Lz*a(S2GG}`B6-#E_@Mq&091<8FtC?%1d z1F|Y%X}sr@vVBR)7+y&_?9&C9F{5Uk3|L4twYG~o-ne=wg9|_F18=UJ^=nluuLdEA zO3kq-!>6op%|2M;Nw>8B>MyRbLL5Uah4>>j<5)wiCO7nleHDkk(>MFBU$t;G$hR!E z@1?4Exnrq4=0ZynD7sB~+G#wsNDKUURR@ZQ7hcfLeoT2c{E_Fdu@(_U2|xo9`b7ZL zP=_3bs%d#Y8MuWf@?zlF1F>CCOkHSCA3ERedrF+n-PQOD&k6M_8#c+ z7g(2V7rEve-;{fFur^n9WMqJ6=pM(kq`n)VN}FI5Zy0~`EJ`h>mO}ctT&zJn~j|* zq;o0v50UjeSV=|2o6nH*T;cypY2b!^p1R1buu=v(kt}LaPWyFYPwi) z3@{;=zniW9YAWP`p7vgdI;!Q38pnAgi-m~($t{F*3^7vBF<)+2RJT^WF+&rdR8+zu z54lXtqd4Cf+5kbzqr5kyYL!!q;c>*SCJA19q5*~~;#(^8Gb8!f1k~tji>U7Rc=oYy zA3#XqO>Iqsk8xtw&4EMc`u*^WxdfNHaqAzg|N8ShaS}ce89;aC{Pxik$rS4OCb*NZ zOFI^()|o&A_Piw-OgxX6U~;kG}F~$eS1>P z8a*8tSIQI3jYzTEK-hl9^8%Nm!uO;s^bQfrRAK&+do*lBaZlo)KV>VN+Ekv{-k-9e z~WUT#o} zjzUF>H5m?X5s^_}4cNn1yitPyF9DjW2GyAoP5f>HhuJJjZqeyas1vGv8cWQmqNL!* zV~mppUlP%8A;Q QcY=uN1Hq)$ literal 0 HcmV?d00001 diff --git a/community/security/security-release-process.md b/community/security/security-release-process.md new file mode 100644 index 000000000..3925a482a --- /dev/null +++ b/community/security/security-release-process.md @@ -0,0 +1,130 @@ +# Security Release Process + +Kurator has always attached great importance to vulnerability management in development and maintenance. The Kurator community has adopted this security disclosures and response policy to ensure we responsibly handle critical issues. + + + +- [Security Release Process](#security-release-process) + - [The Security Team](#the-security-team) + - [The Security Team Membership](#the-security-team-membership) + - [Joining](#joining) + - [Stepping Down](#stepping-down) + - [Responsibilities](#responsibilities) + - [Associate](#associate) + - [Process a undisclosed vulnerability](#process-a-undisclosed-vulnerability) + - [Process a publicly disclosed vulnerability](#process-a-publicly-disclosed-vulnerability) + - [Vulnerability handling process](#vulnerability-handling-process) + - [Patch, Release, and Public Communication](#patch-release-and-public-communication) + - [Fix Development Process](#fix-development-process) + - [Fix Disclosure Process](#fix-disclosure-process) + - [Private Distributors List](#private-distributors-list) + +## The Security Team + +Security is of the highest importance and security vulnerabilities should be handled quickly and sometimes privately. + +The Security Team is responsible for organizing the entire response including internal communication and external disclosure but will need help from relevant developers and release managers to successfully run this process. The Security Team membership is managed [here](security-groups.md). + +### The Security Team Membership + +#### Joining + +New potential members to the security team will first fill a minimum of a 3 month rotation in the [Associate](#Associate) role. These individuals will be nominated by individuals on maintainers. + +#### Stepping Down + +Members may step down at anytime. + +#### Responsibilities + +- Members should remain active and responsive. +- Longer leaves of absence should be discussed on a case-by-case basis, and may include an associate temporarily onboarding. +- Members of a role should remove any other members that have not communicated a leave of absence and either cannot be reached for more than 2 months or are not fulfilling their documented responsibilities for more than 2 months. This may be done through a super-majority vote of members. + +##### Associate + +A role for those wishing to join the security team. + +Their rotation will involve the following: + +- lead disclosures that are publicly disclosed or explicitly designated as low sensitivity (often done because of reporter request, a low CVSS score, or design issue that requires long-term refactoring). +- assisting in process improvements, bug bounty administration, audits, or other non-disclosure activities + +## Process a undisclosed vulnerability + +The Kurator Community asks that all suspected vulnerabilities be privately and responsibly disclosed via a recommended way available at [here](report-a-vulnerability.md). + +If the vulnerability is accepted, its remediation priority, and develop remediations (including mitigations, patches/versions, and other risk mitigations) will be determined follow the procedure at [here](#vulnerability-handling-process). + +## Process a publicly disclosed vulnerability + +If you know of a publicly disclosed security vulnerability please IMMEDIATELY email [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com) to inform the Security Team about the vulnerability so they may start the patch, release, and communication process. + +If possible the Security Team will ask the person making the public report if the issue can be handled via a private disclosure process. If the reporter denies the request, the Security Team will move swiftly with the fix and release process. + +## Vulnerability handling process + +The following flowchart shows the vulnerability handling process. We will strictly handle the reporting vulnerability according to this procedure. + + + +## Patch, Release, and Public Communication + +All of the timelines below are suggestions and assume a Private Disclosure. + +The Security Team drives the schedule using their best judgment based on severity, development time, and release manager feedback. If the fix relies on another upstream project's disclosure timeline, that will adjust the process as well. We will work with the upstream project to fit their timeline and best protect +our users. + +The following is a timeline of a vulnerability process. + + + +### Fix Development Process + +This part should be completed within the 1-7 days of Disclosure. + +After receiving any suspected vulnerability, the Security Team will discuss the issue with the reporter(s) and Kurator's security advisors to analyze/validate the vulnerability, assess its severity based on its actual impact on Kurator. + +If the vulnerability is accepted, its remediation priority, and develop remediations (including mitigations, patches/versions, and other risk mitigations) will be determined. + +The Security Team will launch a CVE procedures to get a CVSS score and CVE ID. The CVSS v3 adopted by the Kurator community assesses the impact of a vulnerability. + +If the CVSS score is under ~4.0 ([a low severity score](https://www.first.org/cvss/specification-document#i5)) or the assessed risk is low the Security Team can decide to slow the release process down in the face of holidays, developer bandwidth, etc. + +If the CVSS score is under ~7.0 (a medium severity score), the Security Team may choose to carry out the fix semi-publicly. This means that PRs are made directly in the public kurator-dev/kurator repo, while restricting discussion of the security aspects to private channels. The Security Team will make the determination whether there would be user harm in handling the fix publicly that outweighs the benefits of open engagement with the community. + +Critical and High severity vulnerability fixes will typically receive an out-of-band release. Medium and Low severity vulnerability fixes will be released as part of the next Kurator [patch release](https://github.com/kurator-dev/kurator/releases). + +Note: CVSS is convenient but imperfect. Ultimately, the Security Team has discretion on classifying the severity of a vulnerability. + +### Fix Disclosure Process + +With the Fix Development underway, the Security Team needs to come up with an overall communication plan for the wider community. This Disclosure process should begin after the Security Team has developed a Fix or mitigation so that a realistic timeline can be communicated to users. Emergency releases for critical and high severity issues or fixes for issues already made public may affect the below timelines for how quickly or far in advance notifications will occur. + +**Advance Vulnerability Disclosure to Private Distributors List** (Completed within 1-4 weeks prior to public disclosure): + +- The [Private Distributors List](#private-distributors-list) will be given advance notification of any vulnerability that is assigned a CVE, at least 7 days before the planned public disclosure date. The notification will include all information that can be reasonably provided at the time of the notification. This may include patches or links to PRs, proofs of concept or instructions to reproduce the vulnerability, known mitigations, and timelines for public disclosure. Distributors should read about the [Private Distributors List](#private-distributors-list) to find out the requirements for being added to this list. +- **What if a vendor breaks embargo?** The Security Team will assess the damage and will make the call to release earlier or continue with the plan. When in doubt push forward and go public ASAP. + +**Fix Release Day** +Release process: + +- The Security Team will cherry-pick the patches onto the master branch and all relevant release branches. +- The Release Managers will merge these PRs as quickly as possible. Changes shouldn't be made to the commits at this point, to prevent potential conflicts with the patches sent to distributors, and conflicts as the fix is cherry-picked around branches. +- The Release Managers will ensure all the binaries are built, publicly available, and functional. + +Communications process: + +- The [Private Distributors List](#private-distributors-list) will be notified at least 24 hours in advance of a pending release containing security vulnerability fixes with the public messaging, date, and time of the announcement. +- The Security Team will announce the new releases, the CVE number, severity, and impact, and the + location of the binaries to get wide distribution and user action. As much as possible this + announcement should be actionable, and include any mitigating steps users can take prior to + upgrading to a fixed version. The announcement will be sent via the following channels: + - Tracking issue opened in [kurator](https://github.com/kurator-dev/kurator/issues) and prefixed with the associated CVE ID (if applicable) + - [Patch release](https://github.com/kurator-dev/kurator/releases), will have the fix details included in the patch release notes. Any public announcement sent for these fixes will link to the release notes. + +## Private Distributors List + +This list is used to provide actionable information to multiple distribution vendors at once. + +See the [private distributor list doc](private-distributors-list.md) for more information. From 98cf4bf79ac096b6ab7e7f7c18ca0427d221d30b Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Wed, 22 Nov 2023 09:57:38 +0800 Subject: [PATCH 2/2] Fixed spelling errors Signed-off-by: LiZhenCheng9527 --- community/security/security-release-process.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/community/security/security-release-process.md b/community/security/security-release-process.md index 3925a482a..0751c6b1b 100644 --- a/community/security/security-release-process.md +++ b/community/security/security-release-process.md @@ -11,7 +11,7 @@ Kurator has always attached great importance to vulnerability management in deve - [Stepping Down](#stepping-down) - [Responsibilities](#responsibilities) - [Associate](#associate) - - [Process a undisclosed vulnerability](#process-a-undisclosed-vulnerability) + - [Process an undisclosed vulnerability](#process-an-undisclosed-vulnerability) - [Process a publicly disclosed vulnerability](#process-a-publicly-disclosed-vulnerability) - [Vulnerability handling process](#vulnerability-handling-process) - [Patch, Release, and Public Communication](#patch-release-and-public-communication) @@ -50,7 +50,7 @@ Their rotation will involve the following: - lead disclosures that are publicly disclosed or explicitly designated as low sensitivity (often done because of reporter request, a low CVSS score, or design issue that requires long-term refactoring). - assisting in process improvements, bug bounty administration, audits, or other non-disclosure activities -## Process a undisclosed vulnerability +## Process an undisclosed vulnerability The Kurator Community asks that all suspected vulnerabilities be privately and responsibly disclosed via a recommended way available at [here](report-a-vulnerability.md).